how to send cookies or token in local storage to a remote server using reflected XSS

I have an XSS vulnerability identified by <script>alert(1);</script> in the URL.
So when I put it in the URL it gets executed (ex: www.example.com/admin/<script>alert(1);</script> ).
I also tried after logging in, an…

Unable to login to Portswigger lab website with curl or javascript [closed]

I’m studying the basics of XSRF on Portswigger and I’ve completed Lab: CSRF vulnerability with no defenses with Firefox. I attempted to go a step further by completing the same lab from the terminal. However, when I send a request to the se…

Hackaday Links: March 3, 2024

Who’d have thought that $30 doorbell cameras would end up being security liabilities? That’s the somewhat obvious conclusion reached by Consumer Reports after looking at some entry-level doorbell cameras available …

TIOBE Index News (February 2024): Programming Language Go Reaches a New High at Number Eight

Carbon, an experimental programming language, entered TIOBE’s top 100 ranking in February.

Securely storing derived key in web app and handling user identity

I am currently working on an open source project to securely store notes, payment card numbers, etc. I would like to implement a zero knowledge encryption method so that no one but the user can decrypt this data.
Unfortunately, I am stuck …