Cross-site request forgery – Page 2

Critical Flaws in Khan Academy Opened Door to Account Takeovers

Posted on May 22, 2019 by Lindsey O'Donnell

The two critical cross-site request forgery flaws in the online learning non-profit Khan Academy have been resolved. Continue reading Critical Flaws in Khan Academy Opened Door to Account Takeovers→

WordPress 5.1.1 patches dangerous XSS vulnerability

Posted on March 18, 2019 by John E Dunn

Researchers have offered more detail on a recently patched vulnerability that would allow an attacker to take over a WordPress site. Continue reading WordPress 5.1.1 patches dangerous XSS vulnerability→

Facebook flaw could have allowed an attacker to hijack accounts

Posted on February 19, 2019 by John E Dunn

The CSRF bypass flaw has now been fixed, and the researcher who discovered it has netted $25,000. Continue reading Facebook flaw could have allowed an attacker to hijack accounts→

The Importance of the Content-Type Header in HTTP Requests

Posted on December 24, 2018 by Ziyahan Albeniz

Dawid Czagan, Founder and CEO at Silesia Security Labs and author of Bug Hunting Millionaire, is listed in HackerOne’s Top 10 Hackers. In a recent article on his website, Czagan disclosed the details of a vulnerability combining both Cross-site R… Continue reading The Importance of the Content-Type Header in HTTP Requests→

Three C-Words of Web App Security: Part 2 – CSRF

Posted on October 24, 2018 by Mic Whitehorn-Gillam

This is the second in a three-part series, Three C-Words of Web Application Security. I wrote a sort of prologue back in April, called A Brief Evolution of Web Apps, just to set the scene for those less versed in web application history. In July, … Continue reading Three C-Words of Web App Security: Part 2 – CSRF→

Two Bugs in WordPress Tooltipy Plugin Patched

Posted on June 13, 2018 by Lindsey O'Donnell

The bugs include a reflected cross-site scripting glitch and a cross-site request forgery vulnerability. Continue reading Two Bugs in WordPress Tooltipy Plugin Patched→

Western Digital My Cloud EX2 NAS Device Leaks Files

Posted on April 25, 2018 by Tom Spring

Default configuration of WD’s My Cloud storage device keeps port open for unprivileged data exfiltration within a network. Continue reading Western Digital My Cloud EX2 NAS Device Leaks Files→

Authentication Bypass Vulnerability Found in Auth0 Identity Platform

Posted on April 7, 2018 by Swati Khandelwal

A critical authentication bypass vulnerability has been discovered in one of the biggest identity-as-a-service platform Auth0 that could have allowed a malicious attacker to access any portal or application, which are using Auth0 service for authentica… Continue reading Authentication Bypass Vulnerability Found in Auth0 Identity Platform→

Critical Flaw Reported In phpMyAdmin Lets Attackers Damage Databases

Posted on January 2, 2018 by Wang Wei

A critical security vulnerability has been reported in phpMyAdmin—one of the most popular applications for managing the MySQL database—which could allow remote attackers to perform dangerous database operations just by tricking administrators into clic… Continue reading Critical Flaw Reported In phpMyAdmin Lets Attackers Damage Databases→

Court records system has been open to hackers for decades

Posted on August 14, 2017 by Taylor Armerding

The easily exploitable and long-standing hole has finally been patched, said the Free Law Project, which set out a series of recommendations to improve the security of the system Continue reading Court records system has been open to hackers for decades→