Collaborate Disseminate
When I download a file, the GET request shows the folder’s path and the file’s name.
For example:
https://example.com/page.aspx?sFolder=\\xxxxxxxxxx\yyyyyy\Path\&fName=file.xlsx [GET request]
I tried to recover the /etc/passwd file wi… Continue reading Found path where files reside on server [closed]
I am currently reviewing an ASP application where this javascript initialization is used all over the place:
const someValue = "<% get_some_value() %>";
And this pattern is actually something recommended in some StackOverf… Continue reading What could go wrong with this inlined javascript variable initialization in ASP?
I have an MVC application that has undergone SAST. The scan detects a potential XSRF/CSRF vulnerability.
The application rewrites the .AspNet.ApplicationCookie setting SameSite=Strict:
protected void Application_PreSendRequestHeaders(objec… Continue reading Is the .AspNet.Application cookie vulnerable to CSRF attacks?
I’m using BurpSuite to bruteforce the login credentials for an ASUS router via the router interface page. I’ve found that the login credentials input are only base64 encoded and displayed in the request body. I’m using the Intruder to brut… Continue reading burpsuite see href script in response body
I am having a stateful service which is using target framework as "netcoreapp3.1". And This service will be calling Some test projects and other dependencies. We need to add these projects and dependencies as reference. Most of t… Continue reading Feasible dotnet version [migrated]
Today i faced a web site related to government that showed me all of my certificates in a combobox for authentication on that web site.
What were those certificates?
How can i show them in a asp.net web site?
Can browser access to those ce… Continue reading Using certificates for authentication in a web site
I am planning a SaaS-solution, where my clients store and save sensitive data on my servers.
Security is a big point as it makes a product more trustworthy, so my thought was that the data which I retrieve from my clients should be encrypt… Continue reading Best way to encrypt client side data for SaaS inside the web
I need to implement CSRF token in my web application using ASP.NET. Also that token needs to be encrypted with sha256. Please help me with sample code.
In the past I have dealt with security issues related to Default Service Banners/Verbose Headers/Information Leakage via HttpResponse Headers. These issues are quite common, and usually look something like this for an Asp.Net – IIS Server… Continue reading HttpResponse Headers Information Leakage on Server Error (Verbose Headers)
I have an API server (ASP.NET Core 5) and SPA client (ASP.NET Blazor). Nothing else: no external oauth servers, identity providers and whatnot
To secure access, the server issues and validates access tokens (JWTs) and refresh tokens.
A JWT… Continue reading Should I specify JWT audience and issuer if I have only one SPA client?