Collaborate Disseminate
We have a process that encrypts a URL, it uses DES encryption. I suspect someone may have figured out the key and is decrypting it to crawl information. This was set up many years ago, I just want to make sure whoever set it up is did not … Continue reading Where could I find a list of keys not to use for DES encrypting
In Telegram messenger, there is an option to set the connection type to MTProto Proxy.
The end of the proxy link is closed with a dot. While this link is wrong, it works properly.
https://t.me/proxy?server=www.mapbox.pics.&port=443&… Continue reading The Telegram proxy link is closed with a dot [closed]
I found a HTML injection vulnerability but there is an issue.
The following request returns the following:
curl "https://redacted.com/xss/para?meter="><h1>Test\</h1>"<meta name="url:url" content=&… Continue reading Parameter vulnerable for HTML injection but cannot exploit because of URL encoding
Sometimes I receive email messages from organisations I’m involved with saying something like:
Alice at AnyCo has sent you a secure message
Along with a link to access said message. Sometimes I’m then asked to create an account. The last… Continue reading Is there any security benefit from emailing a "secure link"?
More trouble with special-purpose URLs on Windows. Continue reading Yet another zero-day (sort of) in Windows “search URL” handling
I have a wordpress plugin that helps create an organization chart/tree and then generates a URL where the chart is available to be viewed by the public?
Inside the plugin’s view in WordPress dashboard. After we create a chart, we click gen… Continue reading What are the vulnerabilities of exposing url end point param?
Is there a convention or safeguard to show malicious URLs in a paper if they are relevant to the topic?
Some PDF viewers parse the text for URLs, which makes removing the hyperlink alone insufficient. How can (accidental) clicking be preve… Continue reading What is a safe way to display malicious URLs in research PDFs?
I’m working with the API for a popular CI/CD app and I found a bug where path variables are being written directly to the DOM without being checked first. The tldr is that to access a project you go to a URL like
appHost.com/projects/proje… Continue reading How can I inject JavaScript into a url whose contents will be written to the DOM in a way that it could execute? [closed]
for example, you want to do // without commenting how do I do it (I’m trying to access a URL using curl)
Continue reading How do I use the Double slash comment in c++ without commenting
I accidentally clicked a link in a malicious email. The link has opened in my browser. I have not entered any username and password to login in.
Could I have been hacked? I’d like to know what could have happene, please. If the attack per… Continue reading Click on a link in a malicious email – how can i be hacked? [duplicate]