¶ Web Cve Tests
The goal of this tool is to send PoC payloads to verify server-side attack detection solutions. If detected, the server side should return a specified HTTP status code.
¶ Used facts:
Adobe ColdFusion Remote Code Execution (CVE-2018-15961)
Deserialization of Untrusted Data (CVE-2019-0192)
Detected Code Injection (CVE-2012-0394)
Detected Command Injection (CVE-2016-10033)
Detected Command Injection (CVE-2016-3081)
Detected Cross-Site Scripting (XSS) (CVE-2018-1000129)
Detected Cross-Site Scripting (XSS) (CVE-2019-6341)
Detected CVE-2006-2743
Detected CVE-2007-5416
Detected CVE-2010-1870
Detected CVE-2012-0392
Detected CVE-2012-0393
Detected CVE-2012-1007
Detected CVE-2013-1966
Detected CVE-2014-3704
Detected CVE-2015-0899
Detected CVE-2015-1399
Detected CVE-2015-3337
Detected CVE-2016-1181
Detected CVE-2016-1182
Detected CVE-2016-3087
Detected CVE-2016-4438
Detected CVE-2016-6195
Detected CVE-2017-10271
Detected CVE-2017-5638
Detected CVE-2017-9805
Detected CVE-2018-3252
Detected CVE-2018-6389
Detected CVE-2019-11043
Detected CVE-2019-16759
Detected CVE-2019-2725
Detected CVE-2019-5418
Detected Deserialization of Untrusted Data (CVE-2017-17672)
Detected Directory traversal (Path Traversal) (CVE-2015-1398)
Detected Directory traversal (Path Traversal) (CVE-2019-3396)
Detected Improper Access Control (CVE-2019-2618)
Detected Improper Access Control (CVE-2019-6703)
Detected Improper Input Validation (CVE-2012-0391)
Detected Improper Input Validation (CVE-2013-2248)
Detected Improper Input Validation (CVE-2013-2251)
Detected Improper Input Validation (CVE-2014-0114)
Detected Improper Input Validation (CVE-2017-12611)
Detected Improper Input Validation (CVE-2018-11776)
Detected Improper Input Validation (CVE-2018-1327)
Detected Improper Input Validation (CVE-2018-20062)
Detected Improper Input Validation (CVE-2018-7600)
Detected Improper Input Validation (CVE-2019-0232)
Detected Improper Input Validation (CVE-2019-6340)
Detected Incorrect Permission Assignment for Critical Resource (CVE-2011-3923)
Detected Local File Inclusion (LFI) (CVE-2018-7422)
Detected NoSQL Injection (CVE-2016-4010)
Detected NoSQL Injection (CVE-2018-1000130)
Detected Remote Code Execution (RCE) (CVE-2017-9791)
Detected Remote Code Execution (RCE) (CVE-2018-7602)
Detected SQL-injection (CVE-2015-1397)
Detected SQL-injection (CVE-2019-7139)
Detected Unrestricted Upload of File with Dangerous Type (CVE-2018-9206)
Directory traversal (Path Traversal) (CVE-2018-7490)
Directory traversal (Path Traversal) (CVE-2017-17671)
¶ Screenshots of results:
¶ Category:
Security/CVE
¶ Flag:
"python", "webcve.py"
¶ Audit Tags:
CVE, Time consuming, Vulnerability identification
¶ DISCLAIMER:
This program is used for educational and ethical purposes only. I take no responsibility for any damages caused from using this program. By downloading and using this software, you agree that you take full responsibility for any damages and liability.