json – Page 3 – WindowsTechs.com

Is it possible to get xss in json body request?

Posted on June 24, 2022 by B3ingN00b

I was doing a VAPT assessment in which I see some JSON body in the request which has orgid deviceid
So there any possibility to get XSS in json body?

Continue reading Is it possible to get xss in json body request?→

How to find a potential JSON Java deserialization code vulnerability with a whitebox approach in web server source code?

Posted on June 20, 2022 by RemiYuko

I would like to know a somewhat general approach for white box vulnerability scanning, mainly focused around Java deserialization code bugs that could lead to RCEs (Remote Code Execution following deserialization).
So far, my current strat… Continue reading How to find a potential JSON Java deserialization code vulnerability with a whitebox approach in web server source code?→

Decrypting Data field of HTTP2 packet in Wireshark

Posted on June 10, 2022 by UserIT

I have pcap file that consists of HTTP/2 requests. Communication between two machines used basically done through Encryption using JSON Web Encryption (JWE) and encapsulate and encapsulates the resulting JWE object into a HTTP/2 message (a… Continue reading Decrypting Data field of HTTP2 packet in Wireshark→

I found this json text in a .srt file for a video [closed]

Posted on May 10, 2022 by Sad Lemon

So i am not sure what does this actually do i understand that its a get request but that’s how far my knowledge is
{
"threads":[{"position":24444914,"start":0,"end":25606282,"connection":&q… Continue reading I found this json text in a .srt file for a video [closed]→

Re-populate form with JSON data

Posted on May 3, 2022 by The nothing

I re-populate form with JSON data via javascript (all data has the same origin server)
1 Wen the page load, make a request post ajax
2 The response Ajax is a:
Object { primary_ns: {…}, secondary_ns: {…} }

Here is where I do the re-populat… Continue reading Re-populate form with JSON data→

Turn Timing Diagrams Into ASCII Art, For Friendlier Pasting

Posted on April 4, 2022 by Donald Papp

We all use text-based fields at one time or another, and being limited to ASCII only can end up being a limitation. That’s what led [Luke Wren] to create asciiwave, …read more Continue reading Turn Timing Diagrams Into ASCII Art, For Friendlier Pasting→

Storing encrypted data inside a JSON array in MySQL?

Posted on February 27, 2022 by JavaForAndroid

I have the following the situation: I have some data structures which look like this:
{
id: int
name: BLOB
password: VARCHAR(80)
…
}

There it is easy to store the encrypted fields in the MySQL database because I could si… Continue reading Storing encrypted data inside a JSON array in MySQL?→

sqlmap testing JSON data in a cookie [closed]

Posted on February 17, 2022 by Ilqar Sadiqov

I am testing some website for sql injection and found with burp suite that this website is vulnerable.
I have tested sql injection and executed some sql queries successfully within burp suite. Now I want to use sqlmap. Burp suite found a v… Continue reading sqlmap testing JSON data in a cookie [closed]→

Is a backend API server vulnerable to CSRF?

Posted on February 15, 2022 by Saif

We recently ran a Veracode SAST scan on our application and discovered that it has a CSRF. However, I wanted to check whether this is really true or it’s just a false positive.

Our application is a pure backend server. Serving JSON APIs t… Continue reading Is a backend API server vulnerable to CSRF?→

How does "./" affects signature generation for files, in a PHP based web application?

Posted on January 29, 2022 by ThinkTank

I am solving a lab related to serialization vulnerabilities. It deals with retrieving files based on the signature. The theory of the lab states as quoted, "Adding ./ will still give you the same file but the application will generate… Continue reading How does "./" affects signature generation for files, in a PHP based web application?→