A lack of input sanitization leaves PDF documents ripe for exfiltration
XSS for PDFs – New injection technique offers rich pickings for security researchers

cybersec@cybeseclabs.com
A lack of input sanitization leaves PDF documents ripe for exfiltration
NoSQL scanner and injector. About Nosqli I wanted a better nosql injection tool that was simple to use, fully command line based, and configurable. To that end, I began work on nosqli - a simple nosql injection tool written in Go. It aims to be fast...
ScanT3r - Web Security Scanner _____ ___________ / ___/_________ _____/_ __/__ /_____ \__ \/ ___/ __ `/ __ \/ /...
IS Raid is a native IIS module that abuses the extendibility of IIS to backdoor the web server and carry out custom actions defined by an attacker.DocumentationWhen installed, IIS-Raid will process every request and method, check if the X-Password head...
PolyShell is a script that's simultaneously valid in Bash, Windows Batch, and PowerShell (i.e. a polyglot).This makes PolyShell a useful template for penetration testing as it can be executed on most systems without the need for target-specific payload...
SysWhispers helps with evasion by generating header/ASM files implants can use to make direct system calls.All core syscalls are supported from Windows XP to 10. Example generated files available in example-output/.IntroductionVarious security products...
SQL InjectionIn this section, we'll explain what SQL injection is, describe some common examples, explain how to find and exploit various kinds of SQL injection vulnerabilities, and summarize how to prevent SQL injection.What is SQL injection (SQLi)?SQ...
Blind SQL Injection Tool with Golang.UsageDownload andor.go and go to the folder where the file andor.go located. And type this to command promt:go run andor.go --url "http://deneme.com/index.php?id=1"** Note: Get parameter value must be correct, other...
Set of tools for creating/injecting payload into images.SETUPThe following Perl modules are required:- GD- Image::ExifTool- String::CRC32On Debian-based systems install these packages:sudo apt install libgd-perl libimage-exiftool-perl libstring-crc32-p...
Simple, configurable "clone & run" DNS Server with multiple useful featuresShould work on Python 2 and 3names.db -> holds all custom records (see examples)Simple wildcards like *.example.comCatch unicode dns requestsCustom actions aka macro: {{...
©2021 By Cyber Sec Labs
Recent Comments