webapp   53636


Projects - CoCalc
Collaborative calculation in the cloud
teaching  team  calculator  data-science  webapp  mathematics 
yesterday by gonsie
us-15-Kettle-Server-Side-Template-Injection-RCE-For-The-Modern-Web-App-wp.pdf
Template engines are widely used by web applications to present dynamic data via web pages and emails. Unsafely
embedding user input in templates enables Server-Side Template Injection, a frequently critical vulnerability that is
extremely easy to mistake for Cross-Site Scripting (XSS), or miss entirely. Unlike XSS, Template Injection can be used to
directly attack web servers' internals and often obtain Remote Code Execution (RCE), turning every vulnerable
application into a potential pivot point.
templateinjection  webapp  pentest 
2 days ago by whip_lash
owasp_SSTI_final
Occurs when invalid user input is embedded into the template engine
• Often XSS attack occurs but SSTI can be missed
• Can lead to a remote code execution (RCE)
• Developer error or intentional exposure
templateinjection  webapp  pentest 
2 days ago by whip_lash
Beautify, Validate, Minify, Analyse, Convert data formats
Online Tools like Beautifiers, Editors, Viewers, Minifier, Validators, Converters for Developers: XML, JSON, CSS, JavaScript, Java, C#, MXML, SQL, CSV, Excel
converter  webapp 
4 days ago by alphajuliet
GitHub - epinna/tplmap: Server-Side Template Injection and Code Injection Detection and Exploitation Tool
Tplmap assists the exploitation of Code Injection and Server-Side Template Injection vulnerabilities with a number of sandbox escape techniques to get access to the underlying operating system.
injection  template  pentest  webapp 
4 days ago by whip_lash
JotForm - Online Form Builder & Form Creator | JotForm
Good free version - e.g. www.wilsonlawgroup.com - 2019-01-14
forms  webapp 
5 days ago by wellsa
