information exposure – Page 3

Is this usual occurrence or SSRF?

Posted on October 8, 2020 by Aditya Jha

if the url (generated by me on ngrok and listening to it) supplied in the blocked-uri parameter of another csp report submitted to a sentry server, is getting get requests from cache.google.com and other cache servers like atmc and ncren n… Continue reading Is this usual occurrence or SSRF?→

Information exposure through query strings in url of a POST request [duplicate]

Posted on September 9, 2020 by inf0s3c

I can’t seem to find any information online for when there is information exposure through query strings in URL of a POST request.
I understand it is an issue for when it’s sent in HTTP GET. Wondering if it would still be an issue for when… Continue reading Information exposure through query strings in url of a POST request [duplicate]→

Does Twitter’s ‘s’ query parameter disclose private information? [closed]

Posted on September 8, 2020 by The Movie Man

When I use the share button on Twitter the link becomes https://twitter.com/username/status/ID?s=number instead of https://twitter.com/username/status/ID.
What is the meaning of this ‘s’ parameter?
Is it an ID that gets generated to see wh… Continue reading Does Twitter’s ‘s’ query parameter disclose private information? [closed]→

Jack Daniels, Ritz London Face Cyberattacks

Posted on August 17, 2020 by Tara Seals

The REvil ransomware and savvy phone scammers have exposed sensitive information. Continue reading Jack Daniels, Ritz London Face Cyberattacks→

Users behind a shared server

Posted on August 4, 2020 by Paddy

I used to host a website on a shared server with a company because of how inexpensive it was.
Those were the days when I thought I would be Mr.Robot himself and was pinging my own website. I got the IP address and entered it into the brows… Continue reading Users behind a shared server→

Getting real machine information from a virtual machine

Posted on July 31, 2020 by Paddy

If a malicious software gets into a virtual machine, what is the most information of the actual machine it can obtain?

Continue reading Getting real machine information from a virtual machine→

What is the Meow Attack and how can I guard my databases against it?

Posted on July 28, 2020 by MDMoore313

Recently, there has been some news articles about unsolicited attacks on unsecured public facing Elastic and Mongo databases. These are commonly being called "Meow" attacks, resulting in entire databases being deleted without ran… Continue reading What is the Meow Attack and how can I guard my databases against it?→

Autofilling sensitive information for publicly available form

Posted on May 28, 2020 by Script47

We are in the process of designing an app which, simply put, will allow people to accept payments easily.

The customer won’t need an account and we’ll be linking customer data (name, address, and phone) via emails used through their paym… Continue reading Autofilling sensitive information for publicly available form→

Google forms and information

Posted on May 11, 2020 by E.s.

Can the owner of the google form see the time when I have submitted that form? I mean by the owner, the one who has done the form that I am filling which is the same one that I am sending it to.

Continue reading Google forms and information→

Nexus Intelligence Insights: What’s in a Ghostcat? CVE-2020-1938 Apache Tomcat – Local File Inclusion Potentially Leads to RCE

Posted on March 9, 2020 by Akshay 'Ax' Sharma

For this month’s Nexus Intelligence Insights, let’s dive deep into the popular Ghostcat vulnerability making headlines recently.
This vulnerability deserves attention as it impacts the widely used Apache Tomcat web server, has at least… Continue reading Nexus Intelligence Insights: What’s in a Ghostcat? CVE-2020-1938 Apache Tomcat – Local File Inclusion Potentially Leads to RCE→