metasploit

3 articles
sort: new top best
clear filter
bug-bounty480 google297 xss277 microsoft249 facebook211 rce159 apple150 exploit136 bragging-post102 account-takeover98 malware94 csrf84 cve79 privilege-escalation74 authentication-bypass65 stored-xss65 writeup61 reflected-xss57 browser54 react53 ssrf51 phishing50 dos50 input-validation49 cloudflare49 access-control49 cross-site-scripting48 node46 aws46 smart-contract45 docker45 sql-injection45 ethereum44 defi43 web-security43 web-application42 supply-chain42 oauth41 web339 burp-suite36 lfi34 vulnerability-disclosure34 idor34 html-injection33 smart-contract-vulnerability32 race-condition32 clickjacking31 reverse-engineering31 information-disclosure30 csp-bypass30
0 2/10
Attacking Postgresql Database
tutorial

A basic penetration testing guide on attacking PostgreSQL databases through network reconnaissance, brute-force credential attacks using Metasploit, and extracting password hashes from the pg_shadow table via psql client.

postgresql brute-force credential-attack database-security weak-credentials password-hash-extraction metasploit penetration-testing network-reconnaissance port-scanning
PostgreSQL Metasploit Oracle Bug Bounty Program psql pg_shadow
medium.com · devanshbatham/Awesome-Bugbounty-Writeups · 22 hours ago · details
0 5/10
Banner grabbing to DOS and memory corruption
tutorial

A writeup demonstrating how to escalate a banner grabbing reconnaissance finding into critical vulnerabilities (DoS and memory corruption) on IIS servers using MS15-034 (CVE-2015-1635), exploitable via HTTP Range headers and Metasploit modules.

banner-grabbing dos memory-corruption iis cve-2015-1635 http-range-header metasploit penetration-testing vulnerability-chaining nmap curl
MS15-034 CVE-2015-1635 Daniel Morais IIS Metasploit
medium.com · devanshbatham/Awesome-Bugbounty-Writeups · 22 hours ago · details
0 6/10
Metasploit web project kill all running taks CSRF CVE-2017-5244
vulnerability

CVE-2017-5244 is a CSRF vulnerability in Metasploit commercial editions (Express, Community, Pro <4.14.0) where GET requests to stop/stop_all task routes were not properly validated, allowing attackers to kill all running Metasploit tasks via malicious JavaScript injection. The vulnerability exploited missing CSRF token validation and improper HTTP method enforcement.

csrf cross-site-request-forgery metasploit web-security anti-csrf-bypass improper-token-validation cwe-352 poc vulnerability-disclosure
CVE-2017-5244 Metasploit Project Rapid7 Mohamed A. Baset Seekurity Samuel Huckins
seekurity.com · devanshbatham/Awesome-Bugbounty-Writeups · 22 hours ago · details