Collaborate Disseminate
I was experiencing an issue on one of my webpages, where an AJAX call is made to another script on the server to generate some files for download. Depending on things like server load, number of files needed, etc., the call was timing out…. Continue reading Is it insecure for the user to know the process id of a background script on my web server?
I am working on a test case with a website demonstration. For now, I’ve discovered reflected XSS on the website for the profile preview, meaning the data is not sent to the server-side. Next, when I look through the source code, I got the … Continue reading XSS exploitation: AJAX isn’t working properly [closed]
I am struggling to implement JWT refresh tokens with the Double Submit Cookies method.
My current set up for a browser based webapp without refresh tokens looks like this:
Upon successful login, API server returns JWT with expiry in a ht… Continue reading JWT refresh tokens and Double Submit Cookies
To what extent can Ajax, and especially the use of "XMLHttpRequest", pose a security problem?
Continue reading To what extent can Ajax pose a security problem? [closed]
I am a little confused on how the token is shared from the client to an AJAX script to the resource server in the oauth2 flow.
To explain the scenario I am trying to set up, I have
a client (http://localhost:3000)
a resource server (http:… Continue reading Sharing oauth2 token with AJAX request to be sent to resource server
I have an ecommerce website with over 5 million customer database. From past couple of days, probably a hacker is hitting an AJAX endpoint continuously. This endpoint takes email address as a parameter and returns whether that email addres… Continue reading Stop User Enumeration requests on AJAX endpoints
I have an ecommerce website with over 5 million customer database. From past couple of days, probably a hacker is hitting an AJAX endpoint continuously. This endpoint takes email address as a parameter and returns whether that email addres… Continue reading Stop User Enumeration requests on AJAX endpoints
I’m currently honing in on my web exploitation skills and came across this JavaScript function here:
Event.observe(window, ‘load’, function() {
new Ajax.Request(‘/dir/dir’, {
method: ‘post’,
parameters: ‘action\x3DrefreshA… Continue reading XSS via Ajax request?
Are you familiar with the Element chat system of https://app.element.io ? Are you familiar with its connections to Matrix.org (for a free account)? Is there a way that I can sniff this traffic on the OS when I hit the enter key on a messag… Continue reading How To Validate Secure Traffic from Chrome with Element To Matrix.org on Linux
Users of the Discount Rules for WooCommerce WordPress plugin are urged to apply a third and (hopefully) final patch. Continue reading Stubborn WooCommerce Plugin Bugs Get Third Patch