Remotely Sniffing Browser History via XSS Using HSTS + CSP

This is a PoC to remotely capture domains a user has visited by using Cross-Site Scripting and HSTS/CSP timing attacks. All credits for the original exploit go to @bcrypt which can be downloaded here: The source code below is a modified version of the original PoC which allows remote exploitation of clients and dumping of positive matches to a target web server.

Video Demo

PoC/Exploit Code:

Author: @bcrypt
Modified by: 1N3 @CrowdShield

WordPress XMLRPC System Multicall Brute Force Exploit

This is a small PoC exploit to launch a brute force amplification attack on affected WordPress sites.

Usage: ./wp-xml-brute


Joomla 3.4.4 SQL Injection Exploitation via SQLMap

Recent Comments