feakk / xxxpwn Goto Github PK
View Code? Open in Web Editor NEWAdvanced XPath Injection Tool
License: Other
Advanced XPath Injection Tool
License: Other
Your tool/software has been inventoried on Rawsec's CyberSecurity Inventory:
An inventory of tools and resources about CyberSecurity. This inventory aims to help people to find everything related to CyberSecurity.
More details about features here.
Note: the inventory is a FLOSS (Free, Libre and Open-Source Software) project.
Mainly because this is giving visibility to your tool and improve its referencing.
The badge shows to your community that your are inventoried. It looks good but also shows you care about your project, that your tool is referenced.
Feel free to claim your badge here: http://inventory.rawsec.ml/features.html#badges, it looks like that , but there are several styles available.
If you want to thank us, you can help make our open project better known by tweeting about it! For example:
That's all, this message is just to notify you if you care. Else you can close this issue.
It would be nice to be able to use cookies for testing things behind a required login.
Hi,
I've been pentesting an old version of Umbraco (4.7.x). It contains XPath injection vulnerabilities on all URLs of the type http://website.com/base/[@alias]/[@method]
So if on our @alias is set to something'%20and$20'a'='a it returns true.
I've been looking for a tool that is able to exploit XPath injection vulnerabilities on REST style URLs but haven't find none.
It would be great to have something like the asterisk marker on Sqlmap tool which indicates some kind of "inject here" instruction to the script. Of course that this will raise the problem of not being able to use the slash / on the payloads, so i'm not sure if it's feasable...
Let me know if this is possible to implement.
Thanks
hooooowwww to use thiis toooooooool ?????????
Possible fix is to remove "Accept-Encoding" headers from requests.
A declarative, efficient, and flexible JavaScript library for building user interfaces.
๐ Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
An Open Source Machine Learning Framework for Everyone
The Web framework for perfectionists with deadlines.
A PHP framework for web artisans
Bring data to life with SVG, Canvas and HTML. ๐๐๐
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
Some thing interesting about web. New door for the world.
A server is a program made to process requests and deliver data to clients.
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
Some thing interesting about visualization, use data art
Some thing interesting about game, make everyone happy.
We are working to build community through open source technology. NB: members must have two-factor auth.
Open source projects and samples from Microsoft.
Google โค๏ธ Open Source for everyone.
Alibaba Open Source for everyone
Data-Driven Documents codes.
China tencent open source team.