VuCSA: Vulnerable Client-Server Application – Made For Learning/Presenting

Vulnerable client-server application (VuCSA) is made for learning/presenting how to perform penetration tests of non-HTTP thick clients. It is written in Java (with a JavaFX graphical user interface). Currently the vulnerable application contains the following challenges: If you want to know how to solve these challenges, take a look at the PETEP website, which describes how …

Doctrack – Tool To Manipulate & Insert Tracking Pixels Into Office Open XML Documents

Doctrack is a tool to manipulate and insert tracking pixels into Office Open XML documents. Features: insert tracking pixels into Office Open XML documents (Word and Excel); inject template URL for remote template injection attack; inspect external target URLs and metadata; create Office Open XML documents (#TODO). Installation: you will need to download .NET Core …

XML External Entity – XXE Injection Payload List

In this section, we’ll explain what XML external entity injection is, describe some common examples, explain how to find and exploit various kinds of XXE injection, and summarize how to prevent XXE injection attacks. What is XML external entity injection? XML external entity injection (also known as XXE) is a web security vulnerability that allows …