WEB 跨域postMessage() 漏洞挖掘工具,基本原理:使用AJAX 获取页面代码,结合iframe 和data 协议构造测试环境,然后在iframe 下的window.onmessage 中插入hook 监控onmessage 的参数,最后通过能否被原来的onmessage 逻辑引用参数中的data 属性来判断是否可以跨域传递数据..
☆11Sep 13, 2016Updated 9 years ago
Alternatives and similar repositories for cross_domain_postmessage_vuln_dig
Users that are interested in cross_domain_postmessage_vuln_dig are comparing it to the libraries listed below. We may earn a commission when you buy through links labeled 'Ad' on this page.
Sorting:
- whatweb的插件☆15Aug 15, 2014Updated 11 years ago
- Web在线菜刀☆19Oct 18, 2017Updated 8 years ago
- 针对PHP网马的正则查杀☆13Jan 10, 2018Updated 8 years ago
- 用于快速探测未授权MongoDB数据库结构,取第一条内容,并统计数据数量。A tool for unauthorized MongoDB database , take the first content, and the number of statistical da…�☆26Dec 5, 2016Updated 9 years ago
- ☆16Aug 9, 2017Updated 8 years ago
- Wordpress hosting with auto-scaling on Cloudways • AdFully Managed hosting built for WordPress-powered businesses that need reliable, auto-scalable hosting. Cloudways SafeUpdates now available.
- ZZCMS v8.2-重装GETSHELL工具☆11May 8, 2018Updated 7 years ago
- ☆16Aug 31, 2018Updated 7 years ago
- 《横向移动攻击与检测技术》专栏文章☆17Sep 5, 2019Updated 6 years ago
- nmap模块扫描端口服务后,调用对应的exp检测☆12Jun 9, 2018Updated 7 years ago
- XSS hunter 收集Webview 页面上存在的反射,储存型XSS ,方便应急APP 和前端页面在发布时遇到XSS 安全问题..☆42Oct 9, 2016Updated 9 years ago
- 漏洞复现记录☆11Jun 18, 2019Updated 6 years ago
- 修改htcap的数据库为mysql☆24Jul 9, 2017Updated 8 years ago
- 通过调用zoomeye来获取安装JBoss机器的地址,然后通过HEAD请求植入webshell。 wxPython写了一个界面的控制程序。☆12Mar 28, 2018Updated 8 years ago
- ☆20May 12, 2016Updated 9 years ago
- Bare Metal GPUs on DigitalOcean Gradient AI • AdPurpose-built for serious AI teams training foundational models, running large-scale inference, and pushing the boundaries of what's possible.
- Ssdt Hook Detection tool☆13Nov 11, 2016Updated 9 years ago
- 常用系统服务默认端口列表☆13Apr 25, 2017Updated 8 years ago
- Spring messaging STOMP protocol RCE☆113Apr 12, 2018Updated 7 years ago
- ☆15Aug 12, 2009Updated 16 years ago
- 一款开源指纹识别工具。☆15May 19, 2017Updated 8 years ago
- 一个Fuzzing服务器端模板注入漏洞的半自动化工具☆15Aug 4, 2016Updated 9 years ago
- ☆21Jan 31, 2018Updated 8 years ago
- 分布式互联网开放端口与协议扫描☆18Jul 20, 2016Updated 9 years ago
- CVE-2017-4878 Samples - http://blog.talosintelligence.com/2018/02/group-123-goes-wild.html☆18Feb 5, 2018Updated 8 years ago
- Managed Kubernetes at scale on DigitalOcean • AdDigitalOcean Kubernetes includes the control plane, bandwidth allowance, container registry, automatic updates, and more for free.
- 总结一些渗透中值得关注的默认端口☆23May 19, 2016Updated 9 years ago
- Maintain Windows Persistence with an evil Netshell Helper DLL☆12Jul 28, 2018Updated 7 years ago
- CVE-2017-7269 回显PoC ,用于远程漏洞检测..☆89Oct 27, 2018Updated 7 years ago
- Monitor and prevent unexpected behavior of Java programs.☆14Jul 6, 2021Updated 4 years ago
- 2 web tasks from ZeroNights HackQuest 2016☆50Mar 24, 2017Updated 9 years ago
- 前端信息安全☆10Nov 8, 2017Updated 8 years ago
- ☆106Feb 2, 2018Updated 8 years ago
- 常用的一些Exploit,经常会更新,也欢迎各位提交新的exp给我。☆26Jul 27, 2018Updated 7 years ago
- Burpsuite HTTP 插件,主要用于内网测试,可定制Content-Type和Response Content☆24Jul 2, 2018Updated 7 years ago
- Virtual machines for every use case on DigitalOcean • AdGet dependable uptime with 99.99% SLA, simple security tools, and predictable monthly pricing with DigitalOcean's virtual machines, called Droplets.
- Flash最新钓鱼源码对接官方API实现跟随官方升级而升级☆12Sep 30, 2020Updated 5 years ago
- Django+NodeJS+Redis实现实时消息推送☆27Sep 1, 2014Updated 11 years ago
- Track the keyword positions☆19Oct 26, 2013Updated 12 years ago
- 目前生产环境使用的elasticsearch☆10Apr 29, 2014Updated 11 years ago
- ☆16Jul 21, 2017Updated 8 years ago
- Aurora Remote Administration Tool☆20Apr 16, 2018Updated 7 years ago
- version_cache是一个分步式一致性缓存解决方案。☆12Jul 15, 2020Updated 5 years ago