Common SQL Injection Attacks
SQL Injection attacks are still a threat to current web applications, despite their long history. In this article, we discuss the most common SQL Injection attack techniques with concrete examples from DVWA (Damn Vulnerable Web Application).
Satyam Singh · Published at 23 Apr 2019 · Updated at 13 Apr 2023 · 13 min read

How to detect injection flaws with Pentest-Tools.com
Whether you’re a penetration tester, bug bounty hunter, or security pro, you’re probably familiar with all the OWASP Top 10 vulnerabilities affecting web applications.
Cristian Cornea · Published at 19 Mar 2021 · Updated at 10 Jul 2022 · 11 min read

Exploiting SQL Injection in Magento Using Sqlmap
In this article we show a new method of exploiting the critical SQL Injection vulnerability in Magento (CVE-2019-7139), using the well known SQLMap tool.
Alexandru Postolache · Published at 14 Jun 2019 · Updated at 07 Jul 2022 · 10 min read

Securing Your Laravel Application: A Comprehensive Guide
As someone who has worked with the Laravel framework for years, I've seen firsthand the importance of taking security seriously. I've seen how simple mistakes lead to disastrous consequences, and I've also seen the benefits of a secure and well-maintained Laravel application.
Cosmin Coman · Published at 11 Apr 2023 · Updated at 11 Apr 2023 · 23 min read

Exploiting OGNL Injection in Apache Struts
Let’s understand how OGNL Injection works in Apache Struts. We’ll exemplify with two critical vulnerabilities in Struts: CVE-2017-5638 (Equifax breach) and CVE-2018-11776.
Ionuț Popescu · Published at 14 Mar 2019 · Updated at 05 May 2023 · 24 min read

[New scanners] Find Associated Domains, Password Auditor, and 2 more new tools
Vulnerability scanners are essential tools for penetration testers who need to assess the security of their servers, sites, or networks. That’s why we focus on adding new scanners on Pentest-Tools.com to help our customers discover critical security flaws quickly and effectively.
Ioana Rijnetu · Published at 25 Jul 2019 · Updated at 07 Jul 2022 · 3 min read

Log4J - why some CVEs (almost) never disappear
Unless you’ve been on a sabbatical for the past year, you probably know how a critical vulnerability known as Log4shell took over the world.
Kelyan Yesil · Published at 07 Apr 2023 · Updated at 13 Apr 2023 · 7 min read

How to do a Basic Website Vulnerability Assessment with Pentest-Tools.com
Let’s see how to perform a basic security evaluation of your web application with the tools from Pentest-Tools.com.
Adrian Furtuna · Published at 24 May 2019 · Updated at 07 Jul 2022 · 5 min read

How to do a full website vulnerability assessment with Pentest-Tools.com
As a pentester, I have a good day when my workflow is smooth and uninterrupted. Pushing routine tasks to the background (sweet automation!) helps me stay focused. It frees up my mind to work on interesting findings and attack sequences that not everyone can see. Plus, it feels good to be productive and get stuff done!
Daniel Bechenea · Published at 31 Mar 2021 · Updated at 11 May 2023 · 12 min read

Year in review: 2021 on Pentest-Tools.com
Security is the gift that keeps on giving and never have we felt it like we did this year.
Andra Zaharia · Published at 28 Dec 2021 · Updated at 06 Oct 2022 · 11 min read

Customized white label, website scanner improvements & other platform updates
Here are 7 platform improvements we deployed in the current update to make Pentest-Tools.com a valuable asset for your pentesting toolbox.
Ioana Rijnetu · Published at 20 Aug 2019 · Updated at 07 Jul 2022 · 3 min read

November updates for powerful workflows, including detection for Log4Shell
Giving you the tools you need right now to speed up detection and reporting is always our top priority. Especially when your work is essential to effectively prioritize remediation. So, with every monthly update, we strive to do just that.
Ioana Rijnetu · Published at 16 Dec 2021 · Updated at 05 Oct 2022 · 4 min read