Johnny – WindowsTechs.com

Lax SameSite and POST (2 minute)

Posted on February 11, 2024 by Johnny

I was going through this link https://medium.com/@renwa/bypass-samesite-cookies-default-to-lax-and-get-csrf-343ba09b9f2b to understand CSRF using samesite. Does that mean that the LAX+POST issue has been resolved by Chrome, which means tha… Continue reading Lax SameSite and POST (2 minute)→

Double Submit Cookie Bypass

Posted on February 10, 2024 by Johnny

I am trying to work on an example for my class on how double submit cookie works and how attackers can bypass it
The idea i have is I have two domain att.com and victim.com. The login functionality on victim.com creates the session and als… Continue reading Double Submit Cookie Bypass→

SQL Injection in WordPress

Posted on July 11, 2023 by Johnny

I have a website that is running Wordpress 5.0. I can update the WordPress but that will also break some of my plugins. Recently I have seen the following exploit on the internet
https://www.exploit-db.com/exploits/50663
that allows SQL In… Continue reading SQL Injection in WordPress→

Can Google see the screen when using Chrome Remote Desktop?

Posted on March 28, 2022 by Johnny

I was wondering if Google can see my computer screen while I’m using Chrome Remote Desktop.
Let’s assume there’s my main PC named A and my other PC named B.
PC B will have the Chrome extension installed and is the PC that will be accessed … Continue reading Can Google see the screen when using Chrome Remote Desktop?→

Why are mobile phones OS easily hackable (Pegaus & Co)

Posted on November 14, 2021 by Johnny

Every now and then, you here a story about misuses of mobile OS’ spyware softwares, developed by technology firms which usually sell their products to governments or groups with similar power.
You here stories about Whatsapp calls, sms, im… Continue reading Why are mobile phones OS easily hackable (Pegaus & Co)→

AES – from C++ to Python-based Decryption [closed]

Posted on November 5, 2020 by Johnny

I have some C# code that encrypts the body of an email before it sends it to another email account, using AES (the default encryption mode in C# AES seems to be CBC):
[link 1]
The C# code applies the Default encoding to encode the cipherte… Continue reading AES – from C++ to Python-based Decryption [closed]→

client certificate and key storage on client’s machine

Posted on April 1, 2020 by Johnny

Related to a question I posted here, but thought it would also make sense to ask it here, but in this case, focusing on the client certificate and key storage.

Basically, I’m developing a web application that will display a dashboard with… Continue reading client certificate and key storage on client’s machine→

Sqlmap asking for query String

Posted on March 25, 2020 by Johnny

I am trying to perform sqlmap locally and testing my website

When I run vulnerability scanner, it shows SQL injection error with HTTP like this

GET /index.php/search/FB3hw7”””’/assets/assets/assets/assets/assets/assets/assets/assets/a… Continue reading Sqlmap asking for query String→

Is Tomcat protecting against CSRF correctly?

Posted on February 25, 2020 by Johnny

If I read this correctly the way Tomcat protects against CSRF leaves it vulnerable to the situation where the CSRF token is duplicated in the cookie and request parameters which allows the attacker to simply invent a token (as detailed her… Continue reading Is Tomcat protecting against CSRF correctly?→

implementing an authentication mechanism for understanding the basics of client authetication

Posted on December 28, 2019 by Johnny

I’m trying to implement a simple protocol to authenticate users and authorize them to access a certain web page/resource via a login form.

Please note that this is just something to use on my own and that it’s just to get th… Continue reading implementing an authentication mechanism for understanding the basics of client authetication→