error-handling – Page 2 – WindowsTechs.com

Aut2Exe Error kali linux

Posted on January 11, 2021 by bang_jagoet

Error: unable to add resources
c:\users\root\local settings\Application Data\AutoItv3\Aut2Exe\aut2134.tmp.exe

Continue reading Aut2Exe Error kali linux→

Credit card form : Is it neccessary to obscure error messages?

Posted on November 30, 2020 by Christopher Smith

I’m working on designing a credit card payment form whose core functionality is provided by a payment processing company ("upstream").
Upon some transaction errors the upstream returns the detail (*one kind at a time) of the user… Continue reading Credit card form : Is it neccessary to obscure error messages?→

API Returning Java Exception. Safe?

Posted on October 23, 2020 by somexp12

I just wanted to ask if my concerns here are valid.
I am aware that it is unsafe for the API to return a stack trace. I have a similar, but less egregious, situation that I am trying to judge.
Is there also some standard regarding packagin… Continue reading API Returning Java Exception. Safe?→

Pros/Cons for showing a user how many failed login attempts they have remaining before getting blocked?

Posted on August 12, 2020 by Varun S. Ranipeta

For context, my web app will be used by users who don’t have a strong technical background. What are the pros or cons for displaying a message like this?
Something like:

Continue reading Pros/Cons for showing a user how many failed login attempts they have remaining before getting blocked?→

Is there a problem with this approach to handling invalid web probes?

Posted on June 12, 2020 by Quango

Like any other website owner, I get frequent probes for vulnerabilities e.g. .php .sql or .gz pages.

These used to appear in my log files as 404 responses (we host on ASP.NET Core). These also take up server time and processing as it has … Continue reading Is there a problem with this approach to handling invalid web probes?→

XSS Bruteforcing results in 500 internal server error

Posted on June 10, 2020 by Ananda Sai A

I’ve been trying to trigger xss in a website with the following url

https://website.com/login/error?username_or_email=xyz%40gmai.com&redirect_after_login=%2wall

While trying different payloads with Burp Intruder, I noticed that v… Continue reading XSS Bruteforcing results in 500 internal server error→

Does Asp.Net Core exposes too much information for required enums that were not supplied?

Posted on February 14, 2020 by Ilya Chernomordik

I have a simple code for an input model:

public class MyClass
{
[Required]
public MyEnum? Type { get; set; }
}

Now if I do not send Type as a part of json to the request, I get this error from Web.Api:

“The JSON value coul… Continue reading Does Asp.Net Core exposes too much information for required enums that were not supplied?→

Secure error messages from public API

Posted on January 23, 2020 by WendyG

We are writing our first public API.

Now I remember hearing in the past that you shouldn’t give users useful error messages, that allows hackers to learn what your data is.

so if the get is

{
policyNumber: ’43’,
product: ‘car insuranc… Continue reading Secure error messages from public API→

Is it a security vulnerability to tell a user what input characters are valid/invalid?

Posted on January 14, 2020 by csrowell

For input validation on a website, are there any security concerns with disclosing to the user exactly what characters are valid or invalid for a given field?
CWE-200: Information Exposure says one should try not to disclose information &q… Continue reading Is it a security vulnerability to tell a user what input characters are valid/invalid?→

Leak multiple lines from file

Posted on October 9, 2019 by Yuu

I am researching this bug here, where the first line of an arbitrary file can be leaked by triggering a SyntaxError using the compile() function.

Is there a method of leaking the rest of the file, such as similar to the way… Continue reading Leak multiple lines from file→