Collaborate Disseminate
I’ve been in the Point of Sale industry for decades. Parsing card magnetic stripe track 1 data has never been difficult, but lately we’ve started to see some odd data in the name field of cards that customers have been swipin… Continue reading Odd characters — including a backslash — in magstripe track 1 name field?
Im really new to all of this i’d like some insight.
the encoding scheme looks like this
e0b7 e51f a24f 2ee8 f950 ecc4 d46b 6b3b 11bd 1930 ccb0 3c9f ecf5 368d f570 c72d a37e 47a6 bf03 2cf4 947c e913 a32a 5a80 379f
If i knew… Continue reading Problem identifying this encoding schematic into plain text
If a website URL gets encoded then is the website still vulnerable to XSS or no?
For example, if I try <script>alert(1)</script> and the site URL encodes my payload to %3Cscript%3Ealert(1)%3C%2Fscript%3E does this mean the sit… Continue reading XSS with URL encoding
Is reflected XSS impossible, when HTML meta-characters, e.g., < and >, are encoded, and the result output in HTML context?
I have a website that displays the URL path directly in HTML context, i.e.,
www.mysite.com/he… Continue reading Is reflected XSS impossible, when HTML meta-characters, e.g., < and >, are encoded, and the result output in HTML context?
I have 2 fields a label and a Textbox.
Q1. HTML encoding should be done while saving data into database or while displaying in the aspx page?
Q2. HTML encoded label text is displayed properly in browser like as asd < pqr… Continue reading HTML encoding for Textbox in asp.net for security
$bytes = random_bytes(15);
$encoded = base64_encode($bytes);
$output = substr($encoded, 0, 15);
Does this code affect the complexity of the output vs just using
$output = random_bytes(15);
I think it might because a in b… Continue reading Is a substring of base64 encoded random_bytes less secure then just using random_bytes
I’m using mbed TLS for ECDH key agreement using Curve25519. The private and public keys are stored and transmitted as Hex strings as easily generated with mbed TLS. Those strings are big-endian. This worked quite fine so far…. Continue reading ASN.1 encoding of X25519 private key
It seems to me SQL injection could be avoided by just converting everything to a simple encoding like base64 that doesn’t have any harmful symbols.
In the classic query “SELECT * FROM users WHERE username = ‘${username}'”, i… Continue reading SQL Query Sanatization
So I’m pen-testing a web application. Upon submitting certain data it sends it in a POST request which contains the data in a JSON object. So while fuzzing it I was testing for improper encoding handling. Sure enough when sen… Continue reading Server improperly handling unicode characters?
I needed to test how Hydra works, so I tried to attack my own wifi router. I set the user name as “user” and created a txt file containing 100 passwords including the “real” password.
I am unable to read the log in of the h… Continue reading Hydra – Attacking when login page encodes the username and password