CVE-2014-7205

Published: 08/10/2014 Updated: 16/07/2019
CVSS v2 Base Score: 10 | Impact Score: 10 | Exploitability Score: 10
VMScore: 1000
Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

Vulnerability Summary

Eval injection vulnerability in the internals.batch function in lib/batch.js in the bassmaster plugin prior to 1.5.2 for the hapi server framework for Node.js allows remote malicious users to execute arbitrary JavaScript code via unspecified vectors.

Vulnerable Product

bassmaster project bassmaster

Exploits

require 'msf/core'

class MetasploitModule < Msf::Exploit::Remote
  Rank = ExcellentRanking

  include Msf::Exploit::Remote::HttpClient
  include Msf::Exploit::Remote::HttpServer
  include Msf::Exploit::EXE
  include Msf::Exploit::FileDropper

  def initialize(info = {})
    super(update_info(info,
      'Name' => 'Bassmaster Batch ...

Github Repositories

AWAE/OSWE Preparation for coming AWAE Training. Work in progress. Atmail Mail Server Appliance: from XSS to RCE (6.4) CVE-2012-2593 www.exploit-db.com/exploits/20009 github.com/sourceincite/poc/blob/master/SRC-2016-0012.py ATutor Authentication Bypass and RCE (2.2.1) CVE-2016-2555 Install: sourceforge.net/projects/atutor/files/atutor_2_2_1/

VWA (vulnerable web applications) for SSJI, implemented in NodeJS and ExpressJS

VWA Server-Side JavaScript Injection. 10/11/2022. Description: This project is a PoC to demonstrate the SSJI vulnerability in CVE-2014-7205, which opens the possibility of RCE (Remote Code Execution) on a target NodeJS Web Server. The repository contains two web applications, what-is-the-year and the-cutlery-shop; both showcase the same vulnerability. Written instructions on how to

Bassmaster Plugin NodeJS RCE

Bassmaster NodeJS Plugin RCE PoC. bassmaster-rce.py: A Python script to exploit CVE-2014-7205. nodeshell.py: A Python module to generate a reverse shell for NodeJS. !!Only use against servers on which you have permission to test. Summary: CVE-2014-7205 is a Remote Code Execution vulnerability in Bassmaster Plugin for NodeJS. All versions <= 1.5.1 are affected. The vulnerabil

OSWE Preparation

AWAE/OSWE Preparation for coming AWAE Training. Work in progress. Atmail Mail Server Appliance: from XSS to RCE (6.4) CVE-2012-2593 www.exploit-db.com/exploits/20009 github.com/sourceincite/poc/blob/master/SRC-2016-0012.py ATutor Authentication Bypass and RCE (2.2.1) CVE-2016-2555 Install: sourceforge.net/projects/atutor/files/atutor_2_2_1/

https://github.com/timip/OSWE

AWAE/OSWE Preparation for coming AWAE Training. Work in progress. Atmail Mail Server Appliance: from XSS to RCE (6.4) CVE-2012-2593 www.exploit-db.com/exploits/20009 github.com/sourceincite/poc/blob/master/SRC-2016-0012.py ATutor Authentication Bypass and RCE (2.2.1) CVE-2016-2555 Install: sourceforge.net/projects/atutor/files/atutor_2_2_1/

Exploiting CVE-2014-7205 by injecting arbitrary JavaScript resulting in Remote Code Execution.

bassmaster-rce: Exploiting CVE-2014-7205 by injecting arbitrary JavaScript resulting in Remote Code Execution. I stumbled across this Post by LuuPhu (written in Vietnamese). Since I have written some code in NodeJS but never came across exploiting it, I figured why not today? The Python PoC includes two sorts of reverse shells: A simple NC reverse shell. A "simple" Nod

https://github.com/ManhNho/AWAE-OSWE

AWAE/OSWE Preparation for coming AWAE Training. Work in progress. Facebook discuss group: www.facebook.com/groups/262623168007439 Course syllabus: www.offensive-security.com/documentation/awae-syllabus.pdf Other resource: Burpsuite how to? portswigger.net/burp/documentation Common web vulnerabilities: portswigger.net/web-security Atmail Mai

my n00b notes on web_study

stop what you are doing and have a glance through this: www.infosecmatter.com/bug-bounty-tips/ web_study: my n00b notes on web_study. The Single Page badge on PA doesn't tell you where the exercises are; they are here. A good list of "todo's" is here at mrb3n's blog. To do: Portswigger labs will take you from 0 to hero. LKWA ^^^ lab guide. Hack the Box/ B

A Node.js client for the NSP advisories API

NSP advisories client. A Node.js client for the Node Security Project advisories API. Getting started:

    var client = require('nsp-advisories-api')()

    // GET a list of advisories
    client.advisories({limit: 100, offset: 0}, function (err, advisories) {
      console.log(advisories) // {results: [], total: 52, offset: 0, count: 100}
    })

    // GET an advisory
    var id = 1
    client

Do all these topics and learn advance web hacking as well prepare for OSWE.

AWAE/OSWE Preparation for coming AWAE Training. Work in progress. Atmail Mail Server Appliance: from XSS to RCE (6.4) CVE-2012-2593 www.exploit-db.com/exploits/20009 github.com/sourceincite/poc/blob/master/SRC-2016-0012.py ATutor Authentication Bypass and RCE (2.2.1) CVE-2016-2555 Install: sourceforge.net/projects/atutor/files/atutor_2_2_1/

My OSWE Pre-preparation (i.e. before actually buying the course) phase plan and notes!

Notes/Plan for my own personal reference! OSWE/AWAE Pre-Preparation Plan and Notes. Started: 16-09-2022. Expected: ?? Donno ?? [bcz of college Assignments/ Exams/ Projects College Sucks] Oct to Dec: Got Distracted with bug-bounties + Co