Open Redirect in ASP [on hold]
Need to know whether HTTP_HOST in the code below comes from the user, or whether it is taken from the server request itself and not from user input:
Request.ServerVariables("HTTP_HOST")
Simple question, but it is hard to understand: how do web browsers make the distinction between legitimate and malicious code when mode=block is enabled?
Of course, I would like to know how each rendering engine works.
I recognise the importance of configuring HTTP security headers (X-Frame-Options, X-XSS-Protection and X-Content-Type-Options) for web servers
(and other internet-facing servers such as load balancers). But is this necessary f… Continue reading Should HTTP Security headers be configured for all servers?
My site was hacked and now it responds with a ‘Location’ header redirecting to the malicious site, but it does this only for mobile clients. I wasn’t able to find the malicious code yet and I’d like you to help me find it.
He… Continue reading Where should I look for ‘Location’ header malicious redirect? Linux, php
This website has a header in the request (If-None-Match) and whatever you set the value to for it, the response will contain a header (ETag) with the value of the If-None-Match header.
I understand why it does that, but is t… Continue reading Any risk with HTTP header value reflection?
If a server sets an HTTP header value HeaderNameABC: HeaderValueXYZ in the response header it is sending to a browser, will the browser send that header back in the follow-up request it sends to that server?
If yes, where is tha… Continue reading HTTP Headers workflow
Liquid cooling is a popular way to get a bit of extra performance out of your computer. Usually this is done in desktops, where a special heat sink with copper tubing is glued to the CPU, and the copper tubes are plumbed to a radiator. If you want to dive deeper into the world of liquid cooling, you can alternatively submerge your entire computer in a bath of mineral oil like [Timm] has done.
The computer in question here is a Raspberry Pi, and it’s being housed in a purpose-built laser cut acrylic case full of mineral oil. As a SoC, …read more
When life hands you lemons, lemonade ends up being your drink of choice. When life hands you non-standard components, however, you’ve got little choice but to create your own standard to use them. Drinking lemonade in such a situation is left to your discretion.
The little audio record and playback modules [Fran Blanche] scored from eBay for a buck apiece are a good example. These widgets are chip-on-board devices that probably came from some toy manufacturer and can record and play back 20 seconds of audio with just a little external circuitry. [Fran] wants to record different clips on a …read more
Continue reading A Hacked Solution For Non-Standard Audio Modules
I created a simple test web application to test the use of the content security policy header. I included a vulnerability in my test app, such that submitting a basic XSS payload with script tags would be reflected back in fu… Continue reading Content Security Policy Header not stopping attack
This question already has an answer here:
Is checking the Referer and Origin headers enough to prevent CSRF, provided that requests with neither are rejected?
… Continue reading Using Referer/Origin request header to prevent CSRF [duplicate]