Collaborate Disseminate
I can successfully iframe a page on origin B from origin A (no x-frame-deny, content security policy, etc). A page on origin B (page X) redirects to a page on origin C (page Y) with a server side redirect (status 301). Origin C doesn’t all… Continue reading Is it possible to track cross origin redirection?
In RFC6455 section 10.3, it explains why they have made clients mask their outgoing frames (so that a malicious server cannot manipulate a client into sending something in plaintext, as the message could be a HTTP request which could be us… Continue reading Cache poisoning from rfc6455 (WebSockets) not requiring server message to be masked?
I’m trying to perform a brute-force attack using Hydra on http://testphp.vulnweb.com/login.php. The login credentials are "test" and "test" for both the login ID and password. Despite using the correct credentials it’s … Continue reading Hydra 0 valid passwords found despite correct credentials
To clarify the question, here’s our case:
We generate encrypted tokens by applying AES-CBC (256 bit) and Base64 to payload:
encrypted_token = Base64.encode(AES_CBC_256.encrypt(key, iv, payload)).
These encrypted tokens are publicly availab… Continue reading Can token decryption endpoint response codes variability lead to security vulnerabilities?
This question is out of pure curiosity. I know I can send multipart formposts using curl’s –form/-F option. However, I was curious to see if the same can be done with the –data-binary option? For example, if I run the following script to… Continue reading How to properly use cURL –data-binary to send a request payload
While learning about pentesting most of the time I have used the python3 -m http.server [PORT] command to spin up a temporary http server in order to transfer files to a target system. However as I am progressing and moving beyond the basi… Continue reading How to set up a simple HTTPS server for pentesting [closed]
How can a hacker steal my session where my form does not have CSRF tokens but my session cookies are HTTPonly? how would he get my session cookie in this case? is this possible?
for example, to be clearer, I have my session authenticated i… Continue reading HTTPonly token without CSRF is safe?
A URL is followed by a number. Changing the number will change the content of the web page. Now I know it’s insecure direct object reference (IDOR). What should I do to fix this vulnerability?
Continue reading A URL is followed by number, what is its vulnerability?
Gopher protocol is used a lot when exploiting SSRF, but how?
a Gopher URL takes the form:
gopher://<host>:<port>/<gopher-path>
but let’s take this example:
gopher://10.10.10.3:80/_POST%20/login%20HTTP/1.1%0aContent-Ty… Continue reading SSRF trough Gopher
I’m digging into proxies and VPNs to wrap my head around their security aspects. Wondering: can a proxy server sneak a peek at my raw requests and maybe even tweak them a bit? my connections are HTTPs
Continue reading Can a proxy server view the request and response bodies? [duplicate]