Collaborate Disseminate
So i reported one phishing attack to godaddy, there’s a legit site and once the link is sent it redirects the victim to the fake facebook login page, but in the URL is showen a legit site, the script is hashed and you cannot … Continue reading jQuery exploit package in hashed URL
I need to stop the chrome extension when I loaded the google-related things like
docs.google.com
adwords.google.com
mail.google.com
drive.google.com
I used this the condition in my .Js file:
if ((/\bredirect\b/.test(tab… Continue reading Chrome Extension [on hold]
The official blog of jQuery—most popular JavaScript library used by millions of websites—has been hacked by some unknown hackers, using the pseudonym “str0ng” and “n3tr1x.”
jQuery’s blog website (blog.jquery.com) runs on WordPress—the world’s most popular content management system (CMS) used by millions of websites.
<!– adsense –>
While there is no evidence yet if the server (
Continue reading jQuery Official Blog Hacked — Stay Calm, Library is Safe!
I performed security testing of a web application by using some automated tools. Almost all tools detect only two jquery versions used in the web application. But by reviewing the code I saw that it uses many versions of jque… Continue reading detecting jquery versions with automated tools
I am storing some data in html field for display purpose.
When I changed value of that field through inspect element, it get changed in server side also.
Due to project requirement, I am unable to use server side validation… Continue reading Identify content change in client browser on server side
Working through a problem, i have managed to identify and write an sql injection, send that injection to a site but i need to automate clicking the login button.
Is it possible (through JS, html, etc) to load a webpage fill … Continue reading sql injection final issue
Working through a problem, i have managed to identify and write an sql injection, send that injection to a site but i need to automate clicking the login button.
Is it possible (through JS, html, etc) to load a webpage fill … Continue reading sql injection final issue [migrated]
I was wondering if this function would be vulnerable to XSS.
var url = “google.com”;
if (url.indexOf(“http”) != 0) {
url = “http://” + url;
}
$(“<a/>”).attr(“href”, url);
The ‘url’ is user input, and the <a… Continue reading Is there a possability to inject XSS into the jQuery attr function?
We have recently done a static analysis of our application/s, and there are few critical findings for a 3rd party code i.e. jquery and swagger UI.
What are security best practices in this case to mitigate the risk?
Is CSP enforced only during initial rendering, meaning there is no continuous coverage after your document loads? Here is an example of what I’m talking about:
Let’s say your page, example.com, has some JS that takes the url… Continue reading Is Content Security Policy only enforced during initial rendering?