Collaborate Disseminate
I was testing an application recently and i came across with a Reflected XSS vulnerability via HTTP POST Request with JSON body. Although this condition can’t be exploitable from his own, due respond’s corresponding MIME type application/… Continue reading Reflected XSS found in web application via POST request with JSON body. Is this issue exploitable?
I’m currently performing a code audit for an application that a company will release to the public as open-source in the next few days.
In this application, they use a JWT token for authentication and on the backend, you can clearly see th… Continue reading Use of JWT Token in open source project
Maybe is a silly question but I can’t understand exactly why this type of buffer overflow does not work…
Let’s me explain with an example.
Suppose we have a program written in c.
This program has 2 function , normal() and special(). In … Continue reading Why I can’t perform buffer overflow directly from bash
In a program i am writing, i use session authentication tokens that we give back to a user to have them hand in with their requests.
This is working very well but this question is about the generated token and chance of collision.
Here is … Continue reading When generating user session tokens, should i bother checking for a duplicate?
When temporarily blocking a client by IP address making to many login attempts, what are the security implications of only restricting them from attempting the same login email/username again for a short time?
This would sev… Continue reading Temporarily blocking too many login requests for only the targeted accounts