This release introduces site map filter Bambdas, match and replace Bambdas, dynamic authentication tokens for API scanning, and enhanced payload management for Intruder attacks. We’ve also made ...
This lab contains a DOM-based open-redirection vulnerability. To solve this lab, exploit this vulnerability and redirect the victim to the exploit server. The url parameter contains an open ...
It's well known that WAFs only scan up to a certain amount of data per request. This extension allows a tester to manually insert junk data and adds junk data to Active Scans by duplicating each scan ...
If a response does not specify a content type, then the browser will usually analyze the response and attempt to determine the MIME type of its content. This can have unexpected results, and if the ...
As pentesters, we have all had at least one test where we needed to use online Base64 image converters, which took the extra effort of copying things back and forth, and sometimes we were running out of time. Captcha ...
If an application trusts an HTTP request header like X-Forwarded-For to accurately specify the remote IP address of the connecting client, then malicious clients can spoof their IP address. This ...
The application fails to prevent users from connecting to it over unencrypted connections. An attacker able to modify a legitimate user's network traffic could bypass the application's use of SSL/TLS ...
The response contains two or more Set-Cookie headers that attempt to set the same cookie to different values. Browsers will only accept one of these values, typically the value in the last header. The ...
SQL injection vulnerabilities arise when user-controllable data is incorporated into database SQL queries in an unsafe manner. An attacker can supply crafted input to break out of the data context in ...