Collaborate Disseminate
I have an encoded string: VH+_+smN+IPimspbC+_+ygX73g==
The original string is: 51756
So 51756 => VH+_+smN+IPimspbC+_+ygX73g==
What is the encoding algorithm type?
How can decode VH+_+smN+IPimspbC+_+ygX73g== to original string?
Continue reading What type of encoding is this string? [duplicate]
I once encountered a very interesting type of XSS on a website purely by accident. This website allows users to upload PDFs, and will open the PDF in browser with some builtin Javascript. What happened was I uploaded a paper of mine that c… Continue reading PDF fonts, encodings, and risk potentials interacting with web browser
My try:
import base64
def form_valid(self, form):
self.object = form.save(commit=False)
if self.request.POST.get(‘image_as_base64’, None):
format, imgstr = self.request.POST.get(‘image_as_base64’).split(‘;base64,’)
… Continue reading How to save image in base64 format as file in secure way? [closed]
From googling, a lot of file upload vulnerabilities rely on injecting something into the filename and also rely on the picture being stored on the server, is it safe to just do a post request of the picture’s content (file-contents: ‰PNG….. Continue reading Can a file upload function be vulnerable without it the file name getting passed?
A client is developing a website which is vulnerable to reflected XSS through a GET parameter:
https://example.com/vulnerable-url?”)||true)alert(“XSS”);</script>
I would like to demonstrate this vulnerability by providing a link l… Continue reading Demonstrating reflected XSS with GET Parameter and URL encoding
I’m trying to decode this attack. I know it’s attempting to send some kind of malicious command to the web server but I can’t figure out how to decode it. It’s like encoded more than once or something. I don’t know. I’ve looked around and … Continue reading Help with decoding this? Base64 attack [closed]
I am testing a web application which stores the password in the database in an encrypted format (Vf@Hg;,k@Ldskh@Fldsi). How do I determine what hashing or encryption is being used?
While performing a file upload, a template parameter is sent together with file. Service acts differently when different parameters are passed.
I need help to figure out what this parameter contains.
Here are two examples:
7b0fc4f83d3fc32… Continue reading Help to understand what’s inside base64 string [migrated]
I was practising some labs to get better at XSS and SSRF. I found that sometimes I just encode characters once and the security filter is bypassed and occasionally I have to encode it two times.
How does the filter work in the backend? Ca… Continue reading Single and double Encoding of parameters to bypass security filters
This question already has an answer here:
How to determine what type of encoding/encryption has been used?
8 answers
I ha… Continue reading finding url encoding algorithm [duplicate]