Collaborate Disseminate
I have an api endpoint that returns a new api token in JSON to the user if they’re logged in to my website with only their session cookies being used to authenticate.
I’m trying to write a piece of code that automatically lo… Continue reading CSRF testing of an api endpoint using GET requests
XSHM is a vulnerability which exploits the fact that the browser history object does not follow the Same Origin Policy and hence by tracking the changes made to this object we may be able to track a user’s activities.
Most of the online … Continue reading Is Cross Site History Manipulation (XSHM) still relevant?
The question is for the security community to resolve some misunderstandings here.
The crux:
Company (Wire) has a client (official-client.com) and a server code (e.g. official-server.com ).
CORS currently allow official-c… Continue reading Are restrictive same origin policies necessary?
I understand the concern about a tainted canvas – the idea that the bits of an image from another site can be sent back to a malicious server. But can you explain the details of how exactly this works?
Suppose the user visit… Continue reading Why is a "tainted canvas" a risk?
A critical vulnerability has been discovered in the browser app comes pre-installed on hundreds of millions of Samsung Android devices that could allow an attacker to steal data from browser tabs if the user visits an attacker-controlled site.
Identif… Continue reading Critical “Same Origin Policy” Bypass Flaw Found in Samsung Android Browser
I was testing a website and noticed that changing the “Origin” Header’s value of a request with an intercepting proxy application results in the web application sending a response with “Access Control Allow Origin” set to the… Continue reading Is it safe to set "Access Control Allow Origin" header’s value to the "Origin" header’s value which is implicitly set by the browser?
A SPA like Angular app downloads all the resource at once at the client usually is a browser, and sending requests to the server via CORS since the JS files are already in your local machine. In this situation, it clearly bre… Continue reading Is a single page application (SPA) naturally breaking the same-origin policy?
I am working with the security team at my work to get a website accredited before I can publish it…It is a very simple webpage hosted on Github pages with only some javascript.
I kind of reached a roadblock in terms of cre… Continue reading GitHub pages and same origin
Abuse of the Docker API allows remote code execution on targeted system, which enables hackers to escalate and persists thanks to novel attacks called Host Rebinding Attack and Shadow Containers. Continue reading Attack Uses Docker Containers To Hide, Persist, Plant Malware
I’ve been looking at a few issues related to XSS. In doing so, I’ve stumbled upon a few “XSS Filter Evasion” type checklists that demonstrate supposed XSS via data URIs. For example:
The last line of: https://gist.github.co… Continue reading Using data URIs to perform XSS in anchor tags – vulnerability?