Collaborate Disseminate
This is my situation: a user uploads a pdf file to my server. The data travels encoded in base64 (like a regular input in a form). The base64 is saved in one particular file on my server. Now, another user wants to access tha… Continue reading Security risks with pdf files in object tag at client/server side
When need use mixed encoding xss payloads, and it is good way for found xss?
Thanks!
[Sorry my English, please edit it]
I tried various ways of decoding or analyzing data using wirehark and tshark with cli, also suggested that the pcap data was intentionally damaged by someone and I used pcapfix to fix the sectors of the file, but pcapfix did … Continue reading Hidden coversation in pcap file
Exploiting confusion about character encoding is used to get past XSS filters is an old trick (see e.g. this question). It works when the browser is interpreting the page to be in encoding A, but the filter is assuming it’s i… Continue reading What character encodings are useful in bypassing XSS filters?
I have read in different sites about different ways to bypass XSS sanitizers, like double encoding special characters such as /<>:”‘, or employing different encoding schemes.
However most of these sites do not explain … Continue reading When and why does bypassing XSS sanitizers with double encoding work?
for security purpose now i’m fetching all data from database with htmlEncoded format. it is correct? please help..
Continue reading Is it safe to get html encoded data from database to prevent stored XSS attack?
So I have these 3 strings:
F)J@NcRfUjXn2r5u8x!A?D(G-KaPdSgVkYp3s6v9y$B&E)H@MbQeThWmZq4t7w!
8y/B/E(H+MbQeShVmYq3t6w9z$C&F)J@NcRfUjWnZr4u7x!A%D*G-KaPdSgVkYp2s5v8y/
$C&E)H@McQfTjWnZr4u7x!A%D*G-JaNdRgUkXp2s5v8y/B?E(H… Continue reading What type of encoding/encryption was used for this?
I got a encrypted code in a CTF subject from a PNG file:
U2FsdGVkX19fnlHOEYNUAaKCSHta0qqo9IOU3xavxQ==
I used base64 decode tools to decode it, and I got this:
Salted___QΑTH{ZҪߖŀ
It looks like a Openssl encrypted stream…. Continue reading How can I decode this?
When base64 encoding a certificate in PEM format (for transprting it within XML), the content is first converted to binary and then base64 encoded. Are there any other options? E.g. do I have to specify a character set or is … Continue reading Base64 encoding PEM
OWASP recommends that context-sensitive encoding needs to be done. Please help me in getting a couple of strong “code examples” on why context sensitive based encoding needs to be done and why HTML encoding alone won’t help i… Continue reading Why context sensitive encoding to prevent XSS?