Symfony

Symfony Exploits / Pentesting

CVE-2024-50340

Symfony versions <5.4.46; >=6, <6.4.14; >=7, <7.1.7

GitHub - Nyamort/CVE-2024-50340GitHub

GitHub - nollium/CVE-2024-50340-eos-exploit: Exploit for Symfony CVE-2024-50340 (forked eos)GitHub

Symfony Secret Fragment

Symfony ESI (Edge-Side Includes) enabled - Vulnerabilities - AcunetixAcunetix

https://target.com/_fragment

GitHub - ambionics/symfony-exploits: Exploits targeting SymfonyGitHub

Secret fragments: Remote code execution on Symfony based websitesAmbionics

Checks symfony "_fragment" urls for known HMAC key. Operates on Full URL, including hash

GitHub - blacklanternsecurity/badsecrets: A library for detecting known secrets across many web frameworksGitHub

Looting Symfony

Looting Symfony with EOSSynacktiv

GitHub - synacktiv/eos: Enemies Of Symfony - Debug mode Symfony looterGitHub

Interesting Books

Interesting Books

Disclaimer: As an Amazon Associate, I earn from qualifying purchases. This helps support this GitBook project at no extra cost to you.

• The Web Application Hacker’s Handbook The go-to manual for web app pentesters. Covers XSS, SQLi, logic flaws, and more

• Bug Bounty Bootcamp: The Guide to Finding and Reporting Web Vulnerabilities Learn how to perform reconnaissance on a target, how to identify vulnerabilities, and how to exploit them

• Real-World Bug Hunting: A Field Guide to Web Hacking Learn about the most common types of bugs like cross-site scripting, insecure direct object references, and server-side request forgery.

Support this Gitbook

I hope it helps you as much as it has helped me. If you can support me in any way, I would deeply appreciate it.