Collaborate Disseminate
I am learning about “Session fixation” and have read the corresponding OWASP page.
In their Example 2 in the above page, they describe an attack via JavaScript, that is embedded in the URL like:
http://website.kom/<script>document…. Continue reading Can a URL contain executable JavaScript?
1ty.me is a website that allows you to send secret messages (password, nuclear code, etc.) to someone with a one-time link. So when someone receives the link and clicks on it, the secret message is removed permanently.
They say in their F… Continue reading one-time link on 1ty.me
I was looking into my websites traffic and found few entries from a subdomain for shnpoc.net domain. And when I looked into it, it was transparent proxying my website.
On checking further, I found this twitter post which stat… Continue reading Phishing urls from shnpoc.net/McAfee?
Every day my server receives many GET requests in search of security holes. In other words, they are trying a list of words in search of a hole.
for example:
http://myapp.com/phpmyadmin
http://myapp.com/pma
http://myapp.c… Continue reading Blocking URL brute-forcing on my server
I published the following diary on isc.sans.edu: “Microsoft Apps Diverted from Their Main Use“: This week, the CERT.eu organized its yearly conference in Brussels. Across many interesting presentations, one of them covered what they called the “cat’n’mouse” game that Blue and Red teams are playing continuously. When the Blue team has
[The post [SANS ISC] Microsoft Apps Diverted from Their Main Use has been first published on /dev/random]
Continue reading [SANS ISC] Microsoft Apps Diverted from Their Main Use
Pieces of web applications such as WordPress or moodle require to specify the URL that the user will provide in order to visit the site. For example, in moodle has the $CFG->wwwroot config parameter that takes the value of… Continue reading Why modern php web application requires to specify the application’s url?
This question already has an answer here:
Forensics – trace back DNS query origin on host?
1 answer
I installed a DNS ser… Continue reading Trace the orgins of a DNS request [duplicate]
I have a 3rd party API that I need to connect to and they allow queries that can be formed by changing url parameters.
E.g. /data?startDate=2019-01-01 or /data?name=’John Doe’
It is easy to form these queries by concatenating strings, bu… Continue reading How to protect against injection into a 3rd party REST API?
I’m testing a website:
https://this-site.com/path/to/dirs
but what i’ve found is if I do the following below the site will load 4 pages in a infinite loop
https://this-site.com/path/to/dirs/…/.
I was thinking it would… Continue reading What type of vulnerabilty is this?
I came across
http://test.co.uk/img/rOTJwSOqWzHaDsEUcHhI.
If we take a look at it the directory space is protected against bruteforcing of the whole directory to explore private images.
I don’t know the official name for th… Continue reading Replace PATH space with random string