Collaborate Disseminate
What are the main kinds of hacks that can be used when passing user input from the command line, and what are the key techniques to prevent against them (like to prevent against browser XSS attacks, you typically escape the HTML before ren… Continue reading Primary techniques to prevent against hacks when passing user input to CLI arguments?
Reading how Spotify was normalizing unicode inconsistently, and now I’m questioning if I am overlooking any issue on accepting non-normalized usernames.
From what I can tell, lowercase was first used on unix because users had to log in fro… Continue reading Is there any benefit to normalize unicode/utf-8 names that I am overlooking?
On https://ais.osym.gov.tr/ I saw an XSS vulnerable input. I tried some payloads without malicious intent which only contained alerts or console logs. The code img \x00src=x onerror=alert(1) worked.
Now the problem is whenever I try to re… Continue reading Accidentally locked an XSS vulnerable input
I have a WordPress plugin that helps create an organization chart/tree and then generates a URL where the chart is available to be viewed by the public.
The plugin dashboard looks like this
the plugin uses window alerts to input from the u… Continue reading What are vulnerabilities of saving user input directly in wordpress plugin?
I have understood from reading in "Hit the expert" in Hebrew Wikipedia that a Cipher is a code which includes a key in the input.
Also:
A code affects the word, and a cipher affects the individual letters. Cipher — A cipher is a… Continue reading What is the difference between a code and a cipher (Cypher)? [closed]
Is unwanted characters removal enough to prevent most attacks (Python) ? Obviously the code should have more sophisticated rules (ex.remove more than one consecutive white spaces after a new line), but my understanding is that only charact… Continue reading Input sanitization
I just clicked a phishing link and foolishly entered my credit card details. I realized it was phishing before I hit SUBMIT. Is there a chance I exposed my data?
Continue reading Phishing: can input data be saved before I hit the button?
Let’s say that I have a single-page web app written in JavaScript and a server-side API, both changeable by me. The app calculates some values based on user input and POSTs these to the API. The values are based on user input but do not co… Continue reading Preventing users from tampering with input
Pheraphs the question is more about how does the back-end of an application that takes a flat file with a specific template as input handles such input.
Continue reading How would you test the security of a flat file processing application?
How would you test the security of a flat file processing application?
Perhaps the question is more about how does the back-end of an application that takes a flat file with a specific template as input handle such input.
Continue reading How would you test the security of a flat file processing application?