paralax / lfi-labs
small set of PHP scripts to practice exploiting LFI, RFI and CMD injection vulns
☆315Updated 5 months ago
Related projects: ⓘ
- Proof-of-concept to exploit the flaw in the PHP-GD built-in function, imagecreatefromjpeg()☆143Updated 9 years ago
- RIPS - A static source code analyser for vulnerabilities in PHP scripts☆343Updated 8 years ago
- Exploit for Drupal v7.x + v8.x (Drupalgeddon 2 / CVE-2018-7600 / SA-CORE-2018-002)☆575Updated 3 years ago
- Damn Vulnerable Web Services is an insecure web application with multiple vulnerable web service components that can be used to learn rea…☆452Updated 2 years ago
- Content hijacking proof-of-concept using Flash, PDF and Silverlight☆379Updated 5 years ago
- simple script to extract all web resources by means of .SVN folder exposed over network.☆451Updated 7 months ago
- From XSS to RCE 2.75 - Black Hat Europe Arsenal 2017 + Extras☆423Updated 4 years ago
- RIPS - A static source code analyser for vulnerabilities in PHP scripts☆310Updated 2 years ago
- Drupal enumeration & exploitation tool☆574Updated 3 years ago
- Exploitation for XSS☆700Updated 3 years ago
- AuthMatrix is a Burp Suite extension that provides a simple way to test authorization in web applications and web services.☆609Updated 6 months ago
- Add headers to all Burp requests to bypass some WAF products☆328Updated 6 years ago
- A blind XXE injection callback handler. Uses HTTP and FTP to extract information. Originally written in Ruby by ONsec-Lab.☆509Updated 4 years ago
- Lesser Known Web Attack Lab☆327Updated 4 years ago
- Free web-application vulnerability and version scanner☆556Updated last month
- This will assist you in the finding of potentially vulnerable PHP code. Each type of grep command is categorized in the type of vulnerabi…☆345Updated 6 years ago
- kadimus is a tool to check and exploit lfi vulnerability.☆511Updated 4 years ago
- SHELLING - a comprehensive OS command injection payload generator☆437Updated 4 years ago
- Web Fuzzing Discovery and Attack Pattern Database☆110Updated 6 years ago
- WAFNinja is a tool which contains two functions to attack Web Application Firewalls.☆793Updated 6 years ago
- Exploit written in Python for CVE-2018-15473 with threading and export formats☆518Updated 2 months ago
- HTTP file upload scanner for Burp Proxy☆479Updated 8 months ago
- SQLi-Hunter is a simple HTTP / HTTPS proxy server and a SQLMAP API wrapper that makes digging SQLi easy.☆424Updated 4 months ago
- PHPMailer < 5.2.18 Remote Code Execution exploit and vulnerable container☆403Updated last year
- WebShell Collect☆375Updated 8 years ago
- This code is vulnerable to SQL Injection and having SQLite database. For SQLite database, SQL Injection payloads are different so it is f…☆160Updated 2 years ago
- a tiny tool for swf hacking, just browse it:)☆238Updated 11 years ago
- A tool for embedding XXE/XML exploits into different filetypes☆1,030Updated 2 months ago
- SSRF Proxy facilitates tunneling HTTP communications through servers vulnerable to Server-Side Request Forgery.☆442Updated 6 years ago
- ☆257Updated 5 years ago