Collaborate Disseminate
I found a HTML injection vulnerability but there is an issue.
The following request returns the following:
curl "https://redacted.com/xss/para?meter="><h1>Test\</h1>"<meta name="url:url" content=&… Continue reading Parameter vulnerable for HTML injection but cannot exploit because of URL encoding
I have a code that I need to decipher:
1AAXs0RyFR3OM9nZA3XVkD07AVOZmYUMsRvyeq2BoY42sNbkSUySHCdFdwwQx6LWghNDqiPyBzNE7KDXkerX4vt0klZ2
At first glance it looks like a base64 encryption so i went to https://www.base64decode.org and tried to d… Continue reading Base64 decoder shows weird characters [closed]
I am looking for a plugin like the ScreenShotter , which is capable of capturing a screen shot of other local network connected devices opened browsers pages using html5 canvas
A demo of ScreenShotter working
I am also unable to verify tha… Continue reading Is There an MITMf ScreenShotter plugin for modern tools like bettercap?
I was looking at our M365 Defender and was doing some looking around. I noticed the process GoogleUpdate.exe run an encoded ping.
The command was "GoogleUpdate.exe" /ping <encoded stuff>.
I tried decoding using chef and bel… Continue reading Googleupdate.exe runs ping encoded – Is this expected?
I want to access data in a PHP variable from JavaScript code. An (old) OWASP cheat sheet recommends embedding it in HTML before accessing it, an approach like this:
<div id="init_data" style="display: none">
<… Continue reading Is PHP json_encode sufficient for HTML data blocks?
Does anybody know what kind of encoding looks like this?
=CE=AD=CE=BD=CF=83=CF=84=CE=B1=CF=83=CE=AE =CF=83=CE=B1= =CF=82
Analyzing an android app’s traffic POST request, it sends some important pieces of data in the form of URL encoding. This is pretty easy to decode and get the data. The data is sent over HTTPS. But is it safe to perform URL encoding of the… Continue reading Burp suite: URL encoding of request body – Is this safe?
I am analyzing the HTTPS traffic from a particular Android app using the Burp proxy. So every 5 minutes, the app hits an endpoint and sends an encrypted/encoded text in its HTTPS request. I tried decoding it using CyberChef Base-64 and rep… Continue reading Encrypted/Encoded text in the Burp HTTPS request – Android [duplicate]
The common thing to do in defense against XSS, stored or not, is to HTML-encode the payload. Encoding upon the upload/POST of the data is efficient for processing power and neutralizes it early to be stored in the database but the payload … Continue reading Is there a consensus on whether HTML encoding should happen upon upload or retrieval/display for defense against stored XSS?
When I submit an Customer Reference ID in an Android Application it POSTs an Encrypted String to an API Endpoint.
For example, if I enter the following CR ID :
"CR-13261150"
it POSTs the following Encrypted Data:
splainText : &q… Continue reading How to Find Encryption when knowing Input Plain Text and Output Encrypted Text? [duplicate]