Collaborate Disseminate
Until now I though same-origin policy applied to AJAX requests using either fetch or xmlHttpRequest, but I just learned that media objects also use this policy.
Are there other things that use the same-origin policy?
Might i… Continue reading What does Same-origin policy apply to?
I made a XHR cross-origin request from a html file, hosted on a python Simple HTTP Server.
var xhr = new XMLHttpRequest();
xhr.open(“GET”, “https://www.facebook.com/favicon.ico”, true);
xhr.withCredentials = true;
xhr.onload… Continue reading No Preflight Request is made during XHR cross-origin request
I am testing a scenario with Burp proxy.
I am located on a website https://website.com/web
There’s an option there to delete an item, when you click it , a certain POST request is sent (XMLHttpRequest, no page refresh is ha… Continue reading Reflected XSS via JSON executed with Burp, but how to do it in realistic conditions?
I am testing a scenario with Burp proxy.
I am located on a website https://website.com/web
There’s an option there to delete an item, when you click it , a certain POST request is sent (XMLHttpRequest, no page refresh is ha… Continue reading Reflected XSS via JSON executed with Burp, but how to do it in realistic conditions?
I am testing a scenario with Burp proxy.
I am located on a website https://website.com/web
There’s an option there to delete an item, when you click it , a certain POST request is sent (XMLHttpRequest, no page refresh is ha… Continue reading Reflected XSS via JSON executed with Burp, but how to do it in realistic conditions?
In the book “XSS Attacks – Exploits and Defense” Jeremiah Grossman writes:
The exploit found in Google’s reader was due to the developers thinking that JSON was only going to be viewed by the calling script.The developers… Continue reading XSS from JSON outputs
In the book “XSS Attacks – Exploits and Defense” Jeremiah Grossman writes:
The exploit found in Google’s reader was due to the developers thinking that JSON was only going to be viewed by the calling script.The developers never realized that attackers could send users directly to the JSON output. While AJAX and JSON do not generally introduce new holes per se, they definitely can increase the attacker’s surface area.
I thing there is no way for the attacker to force victim’s browser to run javascript from JSON directly. Is there any example that shows the authors intended purpose?
In my web app, I want to send a cross-domain AJAX request to another site. I want to take the text that the user enters in a form and append that text to the query string in the URL I send the request to, so I escape the user… Continue reading Does appending data from a form to a URL with encodeURIComponent safely sanitize user input?
In my web app, I want to send a cross-domain AJAX request to another site. I want to take the text that the user enters in a form and append that text to the query string in the URL I send the request to, so I escape the user’s text using … Continue reading Does appending data from a form to a URL with encodeURIComponent safely sanitize user input?
I am part way through creating a 3rd party service for an online game. Currently to pull the game data from outside the game I use my own auth cookies, however, I want to make this available for other players to use to see th… Continue reading How to securely send cookies from one site to another via userscript?