渗透测试有关的POC、EXP、脚本、提权、小工具等---About penetration-testing python-script poc getshell csrf xss cms php-getshell domainmod-xss csrf-webshell cobub-razor cve rce sql sql-poc poc-exp bypass oa-getshell cve-cms

CVE-2021-40444 - Fully Weaponized Microsoft Office Word RCE Exploit

Commodity Injection Signatures, Malicious Inputs, XSS, HTTP Header Injection, XXE, RCE, Javascript, XSLT

JAVA 漏洞靶场 (Vulnerability Environment For Java)

2021年4月15日出现的Chrome payload

A list of useful payloads and bypass for Web Application Security and Pentest/CTF

A simple XSS payload host for testing and demonstrating stored/reflected XSS using GitHub Pages. Useful for bug bounty & security research.

Atlassian Companion RCE Vulnerability Proof of Concept

Shows off an RCE with better_errors w/ binding_of_caller using DNS Rebinding

Case Study della Tesi di Laurea Triennale in Ingegneria Informatica UniBg

Independent security researcher specializing in critical vulnerability discovery across enterprise systems, WordPress ecosystems, and cloud infrastructure. Demonstrated track record of identifying zero-day vulnerabilities in software with millions of users.

Much More Than a Prank

PoC (Proof of Concept) de la CVE-2024-4367 - Vulnérabilité RCE dans libwebp. Démonstration complète incluant : création de payloads, scénarios d'attaque, analyse des risques et serveur Express.js de test.

Vulnerable web app

Pentesting report of the Zico2 vulnerable machine using Kali Linux and common exploitation tools.