Search • Page 4/4

47 results for "SQL injection"

How to detect injection flaws with Pentest-Tools.com

Whether you’re a penetration tester, bug bounty hunter, or security pro, you’re probably familiar with all the OWASP Top 10 vulnerabilities affecting web applications.

Author(s)

Cristian Cornea

Published at: 19 Mar 2021

Milestones

Why Pentest Robots are rocket fuel for pentesters, not their replacement

Let me say this from the start: full automation is the wrong approach for scaling penetration testing. The whole “machines will replace humans” view doesn’t sit well with us. It’s too simplistic and it fails to capture the complexity and depth involved in security testing and the larger information security ecosystem. So how come we launched pentest robots - an automation feature - at Black Hat Europe 2020?

Author(s)

Andra Zaharia

Published at: 10 Dec 2020

Security research

How to exploit the DotNetNuke Cookie Deserialization

We looked at around 300 DotNetNuke deployments in the wild and discovered that one in five installations was vulnerable to CVE-2017-9822. That includes governmental and banking websites. As part of this research, we discovered a Remote Code Execution vulnerability exploitable through DNN Cookie Deserialization in one of the U.S. Department Of Defense’s biggest websites. After having responsibly reported it through HackerOne, the DOD solved the high-severity vulnerability and disclosed the report, with all details now publicly available.

Author(s)

Cristian Cornea

Published at: 10 Jun 2020

Security research

How to exploit the BlueKeep vulnerability with Metasploit

In this article, we show our approach for exploiting the RDP BlueKeep vulnerability using the recently proposed Metasploit module.

Author(s)

Published at: 10 Sep 2019

Platform updates

Customized white label, website scanner improvements & other platform updates

Here are 7 platform improvements we deployed in the current update to make Pentest-Tools.com a valuable asset for your pentesting toolbox.

Author(s)

Ioana Rijnetu

Published at: 20 Aug 2019

Platform updates

[New scanners] Find Associated Domains, Password Auditor, and 2 more new tools

Vulnerability scanners are essential tools for penetration testers who need to assess the security of their servers, sites, or networks. That’s why we focus on adding new scanners on Pentest-Tools.com to help our customers discover critical security flaws quickly and effectively.

Author(s)

Ioana Rijnetu

Published at: 25 Jul 2019

Security research

Exploiting SQL Injection in Magento Using Sqlmap

In this article we show a new method of exploiting the critical SQL Injection vulnerability in Magento (CVE-2019-7139), using the well known SQLMap tool.

Author(s)

Alexandru Postolache

Published at: 14 Jun 2019

Hacking tutorials

How to do a Basic Website Vulnerability Assessment with Pentest-Tools.com

Let’s see how to perform a basic security evaluation of your web application with the tools from Pentest-Tools.com.

Author(s)

Adrian Furtuna

Published at: 24 May 2019

Security research

Exploiting OGNL Injection in Apache Struts

Let’s understand how OGNL Injection works in Apache Struts. We’ll exemplify with two critical vulnerabilities in Struts: CVE-2017-5638 (Equifax breach) and CVE-2018-11776.

Author(s)

Ionuț Popescu

Published at: 14 Mar 2019

Platform updates

An enhanced version of our Website Vulnerability Scanner

To check the security of a web application or server, you need an automated scanner to save time spent on manual work. Our Website Vulnerability Scanner does that and much more (including detecting widespread vulnerabilities like Log4Shell)!

Author(s)