feakk / xxxpwn Goto Github PK

Your tool/software has been inventoried on Rawsec's CyberSecurity Inventory:

• https://inventory.rawsec.ml/tools.html#xxxpwn

What is Rawsec's CyberSecurity Inventory?

An inventory of tools and resources about CyberSecurity. This inventory aims to help people to find everything related to CyberSecurity.

More details about features here.

Note: the inventory is a FLOSS (Free, Libre and Open-Source Software) project.

Why should you care about being inventoried?

Mainly because this is giving visibility to your tool and improve its referencing.

Badges

The badge shows to your community that your are inventoried. It looks good but also shows you care about your project, that your tool is referenced.

Feel free to claim your badge here: http://inventory.rawsec.ml/features.html#badges, it looks like that , but there are several styles available.

Want to thank us?

If you want to thank us, you can help make our open project better known by tweeting about it! For example:

So what?

That's all, this message is just to notify you if you care. Else you can close this issue.

It would be nice to be able to use cookies for testing things behind a required login.

Hi,

I've been pentesting an old version of Umbraco (4.7.x). It contains XPath injection vulnerabilities on all URLs of the type http://website.com/base/[@alias]/[@method]
So if on our @alias is set to something'%20and$20'a'='a it returns true.
I've been looking for a tool that is able to exploit XPath injection vulnerabilities on REST style URLs but haven't find none.
It would be great to have something like the asterisk marker on Sqlmap tool which indicates some kind of "inject here" instruction to the script. Of course that this will raise the problem of not being able to use the slash / on the payloads, so i'm not sure if it's feasable...
Let me know if this is possible to implement.
Thanks

hooooowwww to use thiis toooooooool ?????????

Possible fix is to remove "Accept-Encoding" headers from requests.