Collaborate Disseminate
I found a clickjacking issue in a site and the site security team said me that i would require unusual user interaction. So I wrote a code above the iframe but I was not successful in achieving it.
The site had two sensitive buttons which … Continue reading Automating Clickjacking Attack
I came across a site that was running on Jquery@1.7.1 and also found that it was vulnerable to multiple issues and one was XSS.
I reported this issue and the organization would like to have a working POC but I don’t have an idea how create… Continue reading CVE-2020-7656 needed help for a working POC [closed]
I was recently working on Broken link Hijacking and found a link in a target which reflected on multiple pages. It was portal.REDACTED.local which was not accessible and returned response as bad host.
So I never saw a extension that has .l… Continue reading .local domain any possible ways in getting the extension
Recently came across this word "Storage Abuse". So, I was wanted to know what really is storage is and how an attacker can really exploit this.
Thanks.
I was testing a site and came across a request with DELETE and I found X-CSRF: parameter was sent to ensure the doc can be deleted by a authorized person but when I removed the entire X-CSRF token and sent a empty parameter, it was accepte… Continue reading Exploiting CSRF on DELETE Request
I was recently testing for Clickjacking and when I opened developer tools, I was warning
Content Security Policy: Ignoring “’unsafe-inline’” within script-src or style-src: nonce-source or hash-source specified
Do you guys think it is poss… Continue reading Error on Content Security Policy while testing for Clickjacking
I recently came across an application that was vulnerable to HTML injection on the invite function. When I insert <img src="image.jpg"> the image got rendered on the mail I received.
I decided to test for blind ssrf out of … Continue reading HTML Injection to blind SSRF testing retrieves only DNS Query
How much time does it take to add a x-frame-options on a webpage to prevent clickjacking attacks?
Continue reading How much time it takes to fix a Clickjacking vulnerability? [closed]