Repository navigation

#

broken-access-control

dub-flow / sessionprobe 

SessionProbe is a multi-threaded tool designed for penetration testing and bug bounty hunting. It evaluates user privileges in web applications by taking a session token and checking access across a list of URLs, highlighting potential authorization issues.

broken-access-controlpentesting-tool
Go
452
1 年前
WuliRuler / AutorizePro 

🧿 AutorizePro是一款强大越权检测 Burp 插件,通过增加 AI 辅助分析 && 进一步优化检测逻辑,大幅降低误报率,提升越权漏洞检出效率。 [ AutorizePro is a authorization enforcement detection extension for burp suite. By adding Ai-assisted analysis, it significantly reduces the false positive rate and improves the efficiency of vulnerability detection.

Authorizationbroken-access-controlburp-extensionsburpsuite安全bounty-huntersBug Bountypentest-toolpentestingvulnerability-detection人工智能大语言模型idor
Python
378
17 天前
Chocapikk / CVE-2023-22515 

CVE-2023-22515: Confluence Broken Access Control Exploit

broken-access-controlconfluenceExploitCybersecurityprivilege-escalation安全vulnerability
Python
136
2 年前
AIex-3 / confluence-hack 

CVE-2023-22515

broken-access-controlconfluenceExploitprivilege-escalationremote-code-execution安全vulnerabilityCybersecurity
Java
51
2 年前
dev-angelist / Web-Application-Penetration-Tester-WAPT-Notes 

Web Application Penetration Tester (WAPT) Notes

broken-access-controlburpsuiteinjectioninjection-attacksowaspowasp-top-10owasp-zapwaptWeb app
23
9 个月前
NullChapter / Challenges_2023_OWASP_10 

This repository contains OWASP Top 10 CTF challenges designed to test your skills in web application security. Each category includes both "easy" and "hard" challenges.

broken-access-controlcryptoKubernetesowasp-top-10XMLxss-vulnerabilityssrf
Python
5
2 年前
abeker / OWASP-Top-10-Front 

Bachelor’s Work - WEB programming

protection安全owasp-top-10injectionbroken-access-controlLogging监控vulnerability-detectionxss-vulnerabilityAngular
TypeScript
3
5 年前
m3ssap0 / wordpress-jetpack-broken-access-control-vulnerable-application 

WARNING: This is a vulnerable application to test the exploit for the Jetpack < 13.9.1 broken access control (CVE-2024-9926). Run it at your own risk!

jetpackWordPressbroken-access-controlvulnerable-application
Dockerfile
2
9 个月前
richeeta / DEFCON33-Siriously-Leaky 

Slides and PoCs for my DEF CON 33 & HOU.SEC.CON 2025 talk on overlooked attack surfaces across Apple's ecosystem.

Applebroken-access-controldefconidoriOSios-securityipadosshortcutssirivulnerability-research
2
4 天前
JacYuan1 / Insecure-Blog-Application-Project 

Fixing an Insecure Blog Application.

PHPnginxPostgreSQLbroken-access-controlcsrf-protectionCybersecurityxss-vulnerability
PHP
2
2 年前
MuhaibShamsher / BuggyBuy 

BuggyBuy: Deliberately Vulnerable MERN Stack Web Application for Security Testing

broken-access-controlCybersecuritymern-projectnosql-injectionxss-vulnerabilityprivilege-escalationJavaScript
JavaScript
2
3 个月前
Swastik1616 / Cybersecurity-Internship-Cyber-Secured-India 

This repository serves as the PoW of my 3-month remote internship cum training at Cyber Secured India

android-pentestingbroken-access-controlburpsuitecloud-computingcsrfCybersecuritydigital-forensicsethical-hackingkali-linuxmetasploit-frameworknmap操作系统windows-privilege-escalation
1
1 个月前
shoaibbshaikhh / VulnWeb 

VulnWeb - Learn & Fix Common Security Flaws

Authenticationbroken-access-controlconfigurationsession-managementsqlixss
TypeScript
1
6 个月前
LittleHaku / cybersecurity-proj1 

Django website with intentional security flaws and their fixes to demonstrate vulnerabilities commonly found in web applications. Flaws include SQL injection, broken access control, SSRF, security misconfiguration, and CSRF.

broken-access-controlcsrfCybersecurityDjangosql-injectionssrf
Python
1
2 年前
dorabz / security-vulnerabilities-django 

Project in Django Python on theme Security vulnerabilites - Sensitive data exposure, Broken Access Control.

broken-access-controlDjangoPython安全sensitive-data-exposure
Python
1
3 年前
abeker / OWASP-Top-10 

Bachelor’s Work - WEB programming

protectionowasp-top-10Javainjectionsensitive-data-exposurebroken-access-controlxssxss-vulnerabilityLogging
Java
1
4 年前
epmyas2022 / uped-vunerabilidad 

Script que permite obtener la información de estudiantes y la sesion de un usuario en el portal de la universidad. Ademas de poder inyectar codigo SQL en una cookie en la base de datos de la universidad.

Hackingbroken-access-controlcookiescrapingsql-injection
JavaScript
1
3 个月前
burakcanbalta / webscanner 

Advanced modular web vulnerability scanner for SQLi, XSS, LFI, and access control issues

broken-access-controlCybersecuritylfipentestingPythonsecurity-testingsql-injectionxss
Python
0
4 个月前
TheMalwareGuardian / brokeCLAUDIA 

brokeCLAUDIA - Broken access control in microCLAUDIA, the anti-ransomware platform by CCN-CERT.

broken-access-control
Python
0
3 个月前
mohamed-zakariya / Vulnerable_Library_Management_System 

A deliberately vulnerable web application simulating a library management system, designed to help developers and security enthusiasts learn about common web vulnerabilities and how to fix them.

broken-access-controlNode.jssqlinjectionxss-vulnerability
TypeScript
0
3 个月前