xss Archives — SkyNet Tools

FinDOM-XSS – Find potential DOM based XSS vulnerability

October 8, 2020October 8, 2020 Admin

Installation Dependencies: LinkFinder Usage To run the tool on a target, just use the following command. This will run the tool against domain.tld. URLs can also be piped to findom-xss and scan on them. For […]

Scopia XT Desktop 8.3.915.4 – Cross-Site Request Forgery (change admin password)

September 9, 2020September 9, 2020 Admin

Go CGI / FastCGI Transport Cross Site Scripting

September 3, 2020September 3, 2020 Admin

The CGI and FastCGI implementations in the Go standard library behave differently from the HTTP server implementation when serving content. In contrast to the documented behavior, they may return non-HTML data as HTML. This may […]

XSpear is XSS Scanner on ruby gems

August 21, 2020September 29, 2020 Admin

Key features Pattern matching based XSS scanning Detect alert confirm prompt event on headless browser (with Selenium) Testing request/response for XSS protection bypass and reflected(or all) params Reflected Params All params(for blind xss, anytings) Filtered […]

XSSer Automated Detection, Exploitation, and Reporting Framework for XSS Vulnerabilities

July 27, 2020September 29, 2020 Admin

Cross Site “Scripter” (aka XSSer) is an automatic -framework- to detect, exploit and report XSS vulnerabilities in web-based applications. It provides several options to try to bypass certain filters and various special techniques for code […]

WordPress NexosReal Estate Theme 1.7 Cross Site Scripting / SQL Injection

July 24, 2020 Admin

# Exploit Title: WordPress Theme NexosReal Estate 1.7 – ‘search_order’ SQL Injection # Google Dork: inurl:/wp-content/themes/nexos/ # Date: 2020-06-17 # Exploit Author: Vlad Vector # Vendor: Sanljiljan [ https://themeforest.net/user/sanljiljan ] # Software Version: 1.7 # […]

MyBB 1.8.17 – Cross-Site Scripting

September 13, 2018 Admin

# Exploit Title: MyBB 1.8.17 – Cross-Site Scripting # Date: 2018-08-11 # Author: 0xB9 # Twitter: @0xB9Sec # Contact: 0xB9[at]pm.me # Software Link: https://mybb.com/download/ # Version: 1.8.17 # Tested on: Ubuntu 18.04 # CVE: CVE-2018-15596 […]

WAScan – Web Application Scanner

July 26, 2018September 30, 2020 Admin

WAScan ((W)eb (A)pplication (Scan)ner) is a Open Source web application security scanner. It is designed to find various vulnerabilities using “black-box” method, that means it won’t study the source code of web applications but will […]

WordPress Plugin All In One Favicon Cross Site Scripting

July 19, 2018 Admin

# Exploit Title: WordPress Plugin All In One Favicon <= 4.6 – Authenticated Multiple XSS Persistent # Date: 2018-07-10 # Exploit Author: Javier Olmedo # Website: https://hackpuntes.com/ # Vendor Homepage: http://www.techotronic.de/ # Software Link: https://wordpress.org/plugins/all-in-one-favicon/ […]

MyBB New Threads Plugin – Cross-Site Scripting

July 19, 2018 Admin

# Exploit Title: MyBB New Threads Plugin – Cross-Site Scripting # Date: 7/16/2018 # Author: 0xB9 # Twitter: @0xB9Sec # Contact: 0xB9[at]pm.me # Software Link: https://community.mybb.com/mods.php?action=view&pid=1143 # Version: 1.1 # Tested on: Ubuntu 18.04 # […]