Collaborate Disseminate
Is there a way to permanently add code to a website vulnerable to client-side XSS? so if you refresh the page, it is still changed?
if you can, how?
Continue reading Can you inject permanent code into a website by client-side XSS? [closed]
I’ve read about this but I don’t fully understand how to choose.
I have two options:
Public client
"A native, browser or mobile-device app. Cognito API requests are made from user systems that are not trusted with a client secret.&qu… Continue reading Public client or Confidential client: should I generate a client secret?
Introduction:
We heavily use external libraries, such as DataTables, in combination with interpolation. In Angular, we’ve identified two primary XSS prevention strategies:
Interpolation ({{ }})
Direct Sanitization with DomSanitizer.saniti… Continue reading Security in Angular: Addressing XSS Concerns with External Libraries and Interpolation
I’m working on a CTF challenge and am stuck on a client-side exploit using Metasploit. The target is not a real user (so social engineering won’t work), and I’m focusing on exploiting a client with the User-Agent: Mozilla/5.0 (X11; Linux x… Continue reading Metasploit Client-Side Exploit on Firefox 26
I have several MongoDB’s where I use x.509 Certificates to Authenticate Clients
Let’s say I create certificate and user for admin:
subject: CN=admin
issuer: CN=MongoDB Issuing CA
-> db.createUser({user: "CN=admin"})
When I p… Continue reading Best practice of x.509 client certificates accross multiple systems
When I log into ProtonMail I can see that the webpage is using HTTPS, which gives me piece of mind that everything is transmitted securely.
I was curious, however, whether ProtonMail used any client side cryptographic protections on my cre… Continue reading Protonmail encryption during login
One of the Paho MQTT client SSL options allows checking whether "a certificate matches the given host name.". If I enable this option then I cannot establish a TLS connection to MQTT using an IP address. In case it is relevant: t… Continue reading How does the MITM attack work when a client does not check the hostname vs the certificate? [duplicate]
Is there any way to reliably identify the referring site on modern browsers (not considering manual HTTP requests outside of a browser e.g. cURL, etc.)?
Referrer header will not work because the referring site could just set Referrer-Polic… Continue reading How to reliably identify referrer on client browser?
What version of TLS would be required for a router that separates client requests from a web server behind a router?
Let’s say the supported TLS client is 1.2 and so is the web server, BUT the router doesn’t support TLS 1.2, it’s only 1.0…. Continue reading Web request TLS
I am developing a public website (with https) where each user is going to register and save confidential data, this data needs to be encrypted/decrypted only by the user. I need help to know how to produce the:
passphrase
salt
key