[socket.io] Cross-Site Websocket Hijacking

The socket.io module was vulnerable to cross-site websocker hijacking attack due to the incorrect parsing of http Origin header.


Invalid UTF-8 characters could trigger cPanel to use the Legacy Login page.

Parameter discovery tools comparison

Some people asked me about publishing a comparison between x8 and other major tools for parameter discovery: Arjun and Param Miner, so here it is!