Ajax – WindowsTechs.com

How to bypass this code to get login to website or to get the unauthenticated URL?

Posted on January 26, 2023 by Risen Star

There i a website where i send a post request to login to website
Host: example.com
Content-Length:205
..Some other headers
..
__RequestVerificationToken=something&Login.UserName=example&Login.Password=example&X-Requested-With=… Continue reading How to bypass this code to get login to website or to get the unauthenticated URL?→

How to use Hydra in Kali Linux with Ajax form?

Posted on September 25, 2022 by Berkeley Now

I have a website that contains a login form, which works with Ajax jQuery. I am using Burp Suite to intercept requests to this form. Burp Suite returns this when I try to log in:
POST /php/process.php HTTP/2
Host: mydomain.com
Cookie: PHPS… Continue reading How to use Hydra in Kali Linux with Ajax form?→

How this JSON object can be exploitable?

Posted on June 20, 2022 by janu agrawal

I was reading this documentation https://cheatsheetseries.owasp.org/cheatsheets/AJAX_Security_Cheat_Sheet.html#server-side
One of the security recommendation is – Always return JSON with an Object on the outside
And showing an example that… Continue reading How this JSON object can be exploitable?→

Re-populate form with JSON data

Posted on May 3, 2022 by The nothing

I re-populate form with JSON data via javascript (all data has the same origin server)
1 Wen the page load, make a request post ajax
2 The response Ajax is a:
Object { primary_ns: {…}, secondary_ns: {…} }

Here is where I do the re-populat… Continue reading Re-populate form with JSON data→

Need to implement CSRF token for each request in asp.net web application with sha256 encryption

Posted on January 5, 2022 by Manish Gupta

I need to implement CSRF token in my web application using ASP.NET. Also that token needs to be encrypted with sha256. Please help me with sample code.

Continue reading Need to implement CSRF token for each request in asp.net web application with sha256 encryption→

Is the authentication system of this website secure enough?

Posted on September 28, 2021 by FloatKey

Since I write an API for a website, I’m interested in his login system and his requests but something bothered me, I have the impression that the security system is weak…

When I login, I send POST request containing the login form, but … Continue reading Is the authentication system of this website secure enough?→

Secure ajax login form

Posted on August 22, 2021 by arihant a

When the client is logging in, I send an xhr request to the server. However the request looks like this:
localhost:80/api/login-ajax/&username=johndoe&password=123456
This is insecure for obvious reasons. To secure this, I did the … Continue reading Secure ajax login form→

Reverse-proxy issues

Posted on July 11, 2021 by Kshitiz

I am trying to create a reverse-proxy web application using Flask. I don’t really know weather to call it reverse-proxy or not but my idea is that the web app gets a URL from ../proxy/<URL>, goes to URL like it got example.com from …. Continue reading Reverse-proxy issues→

Is it insecure for the user to know the process id of a background script on my web server?

Posted on June 11, 2021 by murchu27

I was experiencing an issue on one of my webpages, where an AJAX call is made to another script on the server to generate some files for download. Depending on things like server load, number of files needed, etc., the call was timing out…. Continue reading Is it insecure for the user to know the process id of a background script on my web server?→

Is it insecure for the user to know the process id of a background script on my web server?

Posted on June 11, 2021 by murchu27