Collaborate Disseminate
Basically I am doing a GET on this URL from SAP:
https://www.thirdparty.be/webservices.php?m=get_private_information&o=json&u=username&p=password
The third party webservice does use IP-whitelisting, and they have whitelisted o… Continue reading I’m calling the API of a third party, and have to pass the credentials as parameters in a HTTPS URL. Is that safe?
Basically I am doing a GET on this URL from SAP:
https://www.thirdparty.be/webservices.php?m=get_private_information&o=json&u=username&p=password
The third party webservice does use IP-whitelisting, and they have whitelisted o… Continue reading I’m calling the API of a third party, and have to pass the credentials as parameters in a HTTPS URL. Is that safe?
I’m trying to think of a way to create the most hacker-proof login system that I can only get into.
Currently my login page only consists of a password box and a button to submit data. Its run on an https url I never disclose to the public… Continue reading Most hacker-proof login page
As we know, it is possible to include username and password in the authority part of an URL. I see it’s still being documented in MDN. BUT:
Would I do people a favor if I drop support for it in my web protocols library?
Answer in question … Continue reading Is credential in URL obsolete (or should I be bold to drop support for it)? [duplicate]
I don´t really understand the tech behind that. I don´t understand how the image is not changed by the ones who want to steal from you but the rest of the pgp signature match the phishing site.
The image is from a darknet market and all of… Continue reading Why do phishing attackers not alter the reference image along with the PGP signature and other content?
Real case: I am writing dictionary program and part of the data are URLs. When I set them myself, life is simple, because it is me, so I know what I do. But when I import dictionary data from somebody else those URLs put in the data are ri… Continue reading User friendly yet secure policy for using imported URLs
I am pentesting an http server using jetty, where I have access to the code.
One of the urls I am looking at is get /services/test.js
Looking at the code below:
@GET
@Path("services/{script:.+[.]js}")
@Produces(MediaT… Continue reading how to exploit pathtraversal vulnerability
Url requested:
https://site.azurewebsites.net/fky_7143_tczf_ohced.aspx?group=CON&branch=A&usr=sales@othersource.com&page=stocks/Bep_EQ32_agepbb_abfgjc_ctkdcem.aspx?veBjt=09983&bbcAddbbf=375328&bufbBfadae=67
Logged Erro… Continue reading What could this partially nonsense URL request to my site be? [duplicate]
I am searching about the open redirection attack. When I look at websites that try to explain the situation, they generally say to test the URLs in the form of www.example.com?redirection=… to see whether they go to the webpages written… Continue reading Under which situations is open redirection possible?
Our WordPress site has about 11.500 posts and (sad but true) a wild mix of internal links with and without trailing slash.
We are looking for a way to remove all trailing / from all internal links.
Does someone have a good idea?
Continue reading WordPress: How to remove trailing slash from all internal links? [closed]