Collaborate Disseminate
Consider the following website. Page A (https://example.com/login) contains a login form and its password field has the attributes name and id set to “password”. Page B (https://example.com/vuln) has a XSS vulnerability that allows an atta… Continue reading DOM access between same-origin tabs [duplicate]
Why do Browsers implement a Same-Origin-Policy (SOP) to prevent open websites in the browser from executing scripts that may access / modify data of other open websites in the used browser?
Another more ‘usual’ approach would be to simply… Continue reading Why not sandbox websites instead of using Same-Origin-Policy?
I understand SOP, ‘Same origin policy’ is supposed to prevent script code with origin x from accessing data with origin y. Origin is said to be a tuple of protocol, domain and port.
This explains what SOP is and why it is important, but … Continue reading "Same origin policy" and XSS
As I understand it, the Same-origin policy (SOP) basically prevents a script in a web page from obtaining or sending information from/to a different domain.
I understand that this is important to prevent a page from grabbing private data … Continue reading Why was the Same-origin policy originally introduced (before XMLHttpRequest)?
I realize that OWASP recommends CSRF tokens but I rarely see them used with public standalone HTTP APIs. This would seem to indicate that they’re not always necessary.
To make this a little more concrete, I would envision the following sc… Continue reading Do best practices eliminate the need for a CSRF token when writing an API server?
I realize that OWASP recommends CSRF tokens but I rarely see them used with public standalone HTTP APIs. This would seem to indicate that they’re not always necessary.
To make this a little more concrete, I would envision the following sc… Continue reading Do best practices eliminate the need for a CSRF token when writing an API server?
Say that a web server supports both HTTP and HTTPS. If a browser fetches the same JavaScript with a HTTP GET and a HTTPS GET, and the JavaScript is cache-able, will the browser cache two copies of the same JavaScript?
Technically speaking, it is possible to spoof both headers using an intercepting proxy but that’s useless because we are doing it ourselves as an attacker.
When we send an ajax request using JS from another domain with our s… Continue reading Why is it not possible to spoof referer and origin header with XHR?
I’m writing an essay about “Browser Password Managers”. As part of this I have to write about vulnerabilities and exploits. I stumbled across the following scientific paper from 2013: “Password Managers: Attacks and Defenses … Continue reading Remote extraction of passwords from browser password managers
I want to know if there is a way for JS from one Origin to delegate a task to JS from another origin in a secure way.
The use case is to have a JS Agent from the users’ home origin use the JavaScript Web Crypto API, to save… Continue reading Can JavaScript from different origins communicate securely