Collaborate Disseminate
I’d like to create a Web-App with Server-Side Template Injection vulnerability in NodeJS. The template used in the Application is EJS with Express-Framework.
Below are the code bits:
index.js (Route)
router.get(‘/page3’, … Continue reading Server Side Template Injection for EJS template in NodeJS
For training purposes, I need some pointers on the tools and tips to implement an active Man-In-The-Middle attack.
The attack scenario that I want to do is a toy example (which has countermeasures by server authentication) … Continue reading How to implement an active Man-In-The-Middle attack that changes the request URL address
Windows 7 support will end on January 14, 2020. Assuming that after that day I still use an updated browser, is it true that I’m still safe? Can it “patch” the OS-based security holes?
Minor question: typically, how long wou… Continue reading Is an up-to-date browser secure on an out-of-date OS?
In The Netherlands, one can access government services using a login platform called DigID. Some services require a two factor authentication, for which one can use a mobile app.
This requires the following steps
Enter on the website th… Continue reading What attack vector is prevented by using the ‘coupling code’?
I’m curious to know if there are any significant threats presented by files which are uploaded and read but are never saved to disk? I’ve read countless articles about file uploads regarding storage and retrieval of the file… Continue reading File upload attack vectors when file is not saved to disk
Microsoft has the following to say about configuring asp.net core with http.sys:
Top-level wildcard bindings (http://*:80/ and http://+:80) should not
be used. Top-level wildcard bindings create app security
vulnerabi… Continue reading Why are top-level wildcard bindings unsafe?
I have tried CSRF attack on web vulnerability application known as DVWA at my localhost and on kali linux OS. I have changed password on this application by using CSRF. It has collected following log entries in access log.
1… Continue reading What are the common features to identify CSRF attack from Apache log file?
Is it poor practice to use the last 4 digits of a social security number as an identifier?
The last 4 digits of a person’s social are commonly used as a means of personal identification/authentication, but I can’t find guid… Continue reading Is it poor practice to use the last 4 digits of a social security number as an identifier?
I’m almost sure I’m being paranoid here, but better safe than sorry, right?
My gmail account received an email about a rebooked flight, sent by some Hong Kong air carrier I never heard about. My email address consists of my … Continue reading Was this some novel attack by email?
I have a site that is open to the public, that exposes no resources that need authorization. I have a use case that should support return URLs. In some cases, the site will redirect the session to a return URL after interac… Continue reading Am I someone else’s vector?