Overview Worpress credentials by Unauthenticated SQL Injection (CVE-2022-0739) FTP credentials by Authenticated XXE Within the Media Library (CVE-2021-29447) SSH login by Information leak i...

Overview Http authentication credentials by Information leak in a server file Command Inyection by unsanitized user input on file download (Foothold) Path Hijacking to remote command execut...

Overwiew Access to development page by information leak in git repository Remote execution of commands by access to the upload of .phar files Remote execution of commands by the obsolete ve...

Overview Bypass login page by NoSQL Injection User credentials by User enumeration Leak of SSH credentials in Mattermost system (Foothold) SSH credentials leak by Reverse engineering to b...

Overview Remote code excution by Server Site Template Injection (SSTI) (Foothold) Read files privileged by Xml External Entity Attack (XXE) (Privilege Escalation) OS ...

Overview Subdomain enumeration by AXFR zone transfer request Subdomain enumeration by relationship Private key by Local File Inclusion (Foothold) Fail2ban misconfiguration (Privilege Esca...

Overview: Evade login to website by leaking SQL query Remote code execution by test function with full access (Container, python scripting) Network host scanning (bash scripting) Pivoting...

Overview: Database enumeration and SSH password leak by SQL Inyection Remote command execution in IPython (CVE-2022-21699) (Foothold) Redis password leak exploiting a connection binary Re...

Overview: Database enumeration and bypass login page by SQL Inyection System users, system files, ssh credentials by Server Side XSS (Dynamic PDF) Meta plugin meta-git Remote code execution...

Overview: User validation by Error Messages in Login process. Brute force default Flask’s Session Management. User passwords, Backup code, database credentials by Information Leakage. Rem...