Pinned Repositories
collaborator-everywhere-with-ip-support
Collaborator Everywhere fork which supports IP addresses instead of domain names. Useful for testing inside internal networks. A Burp Suite Pro extension which augments your proxy traffic by injecting non-invasive headers designed to reveal backend systems by causing pingbacks to Burp Collaborator.
CVE-2018-25031
.json and .yaml files used to exploit CVE-2018-25031
CVE-2022-35500
Stored Cross-site Scripting (XSS) in leave comment functionality in Amasty Blog Pro for Magento 2
CVE-2022-35501
Stored Cross-site Scripting (XSS) in blog-post creation functionality in Amasty Blog Pro for Magento 2
CVE-2022-36432
Cross-site Scripting (XSS) in Preview functionality in Amasty Blog Pro for Magento 2
CVE-2022-36433
Cross-site Scripting (XSS) in blog-post creation functionality in Amasty Blog Pro for Magento 2
CVE-2023-35840
elFinder < 2.1.62 - Path Traversal vulnerability in PHP LocalVolumeDriver connector
CVE-2023-45182
IBM i Access Client Solutions < 1.1.9.4 - Weak password encryption
CVE-2024-24816
CKEditor 4 < 4.24.0-lts - XSS vulnerability in samples that use the "preview" feature.
research
CVEs, conference materials, research.
afine.com's Repositories
afine-com/research
CVEs, conference materials, research.
afine-com/collaborator-everywhere-with-ip-support
Collaborator Everywhere fork which supports IP addresses instead of domain names. Useful for testing inside internal networks. A Burp Suite Pro extension which augments your proxy traffic by injecting non-invasive headers designed to reveal backend systems by causing pingbacks to Burp Collaborator.
afine-com/CVE-2018-25031
.json and .yaml files used to exploit CVE-2018-25031
afine-com/CVE-2023-35840
elFinder < 2.1.62 - Path Traversal vulnerability in PHP LocalVolumeDriver connector
afine-com/CVE-2024-24816
CKEditor 4 < 4.24.0-lts - XSS vulnerability in samples that use the "preview" feature.
afine-com/CVE-2022-35500
Stored Cross-site Scripting (XSS) in leave comment functionality in Amasty Blog Pro for Magento 2
afine-com/CVE-2022-35501
Stored Cross-site Scripting (XSS) in blog-post creation functionality in Amasty Blog Pro for Magento 2
afine-com/CVE-2022-36432
Cross-site Scripting (XSS) in Preview functionality in Amasty Blog Pro for Magento 2
afine-com/CVE-2022-36433
Cross-site Scripting (XSS) in blog-post creation functionality in Amasty Blog Pro for Magento 2
afine-com/CVE-2023-39062
Spipu Html2Pdf < 5.2.8 - XSS vulnerabilities in example files
afine-com/CVE-2023-45182
IBM i Access Client Solutions < 1.1.9.4 - Weak password encryption
afine-com/CVE-2023-45184
IBM i Access Client Solution < 1.1.9.4 - Local server broken access control.
afine-com/CVE-2023-45185
IBM i Access Client Solutions < 1.1.9.4 - Remote code execution via insecure deserialisation
afine-com/CVE-2024-5735
AdmirorFrames Joomla! Extension < 5.0 - Full Path Disclosure
afine-com/CVE-2024-5736
AdmirorFrames Joomla! Extension < 5.0 - Server-Side Request Forgery
afine-com/CVE-2024-5737
AdmirorFrames Joomla! Extension < 5.0 - HTML Injection
afine-com/Full-Path-Disclosure-Passive-Scanner
FPD Scanner is a Burp Suite extension that passively scans HTTP responses for full path disclosure (FPD) vulnerabilities. It highlights paths that could expose sensitive information about a server's file structure, such as file paths in Windows and Unix/Linux environments.