Collaborate Disseminate
This website has a header in the request (If-None-Match) and whatever you set the value to for it, the response will contain a header (ETag) with the value of the If-None-Match header.
I understand why it does that, but is t… Continue reading Any risk with HTTP header value reflection?
If we need to connect to the corporate network from home, we need to have the VPN connection. However, what if for accessing SaaS applications like Google Doc, Salesforce, etc, do we need still need the VPN connection?
I think the underne… Continue reading do we need VPN for SaaS cloud applications?
If we need to connect to the corporate network from home, we need to have the VPN connection. However, what if for accessing SaaS applications like Google Doc, Salesforce, etc, do we need still need the VPN connection?
I thi… Continue reading do we need VPN for SaaS cloud applications?
When starting an incognito/private browsing session, no cookies from other browsing profiles should exist. For example, if I am logged in to a site on my main browsing profile, then start a new private browsing session, I am … Continue reading Does incognito/private browsing prevent XSS attacks?
My family member has reason to believe that someone entered their house last night although they cannot be certain because they only have circumstantial evidence: In the morning they found a light left on and a door leading t… Continue reading How to check for security breach after a potential physical home intrusion
I found a domain with open POP3 (110) and IMAP (143) ports. I was able to use TELNET to connect to them successfully, but beyond this is there any common vulnerability/exploit I should test on them, or is this even a security… Continue reading Risks in open POP3/IMAP ports?
On this website, you can specify your YouTube channel URL and it makes a button on the profile page that will go to that URL. This text entry has no restrictions other than that it has to be less than 200 characters and that … Continue reading Any browsers where I could escape the URL with certain characters?
I have an HTML page with this bit of code in it:
<div>
<div id=”login-container”
class=”login-container”>
<login-page params=”{"redacted":"redacted"}”></login-page>
<… Continue reading How to exploit escapable JSON parameters
I’ve tested a lot of websites, and I’ve found that many sites have a “go.example.com” subdomain that returns the following error message:
404 Not Found
The redirect url is empty
This message makes me think that you can som… Continue reading "Go" subdomains with empty redirect url?
I had an old phone number assigned to whatsapp.
Now I’ve moved countries and have no access to my old number anymore. However the old whatsapp account is still active. I can’t delete the whatsapp account because I don’t have… Continue reading Lost access to phone number used for whatsapp [on hold]