Collaborate Disseminate
I need to allow a user to pass unsafe text into an iframe URL:
<iframe src="https://example.com?foo=INPUT"></iframe>
Inside the iFrame render code, I have this:
<!doctype html>
<html lang="en">
… Continue reading Is this safe from XSS?
for example
sqlmap -u "https://example.com/home/login
how can I get this to include the (Id) and the (PHP) part I see in every example. Like this
http://127.0.0.1/vulnerabilities/sqli/?id=1&Submit=Submit#
Continue reading When using SQLmap how can I correctly format a websites url [closed]
We sometimes get to see this behavior from a single IP address/logged in user –
There are a lot of hits on our server that have .png at the end of the URL which results in a 404 because we don’t have any such URL nor a static file at this … Continue reading Multiple random requests for Non-Existent URLs from a single IP resulting in 404s
Situation
I am learning about phishing attacks using OSINT, social engineering and some Kali tools to send a mail to a dedicated target, which contains an ‘appealing’ message and an ngrok link leading to a fake website (a fake Instagram lo… Continue reading Making a phishing link look innocent
Recently my organisation has been flooded with phishing e-mails with different approaches: pretending to be Reddit or LinkedIn information about a new follower or package delivery status/problems, etc.
Every malicious e-mail is delivered f… Continue reading Automated malicious links delivered with e-mail (Reddit, LinkedIn, Package) [closed]
Why does the "ved" parameter in a google search change depending on my location even tho I have turned off location use?
For example, this is a list of "ved" paraneter of the same website url, but from different countri… Continue reading What does the "ved" parameter in a google search refer to? [closed]
Why does the "ved" parameter in a google search change depending on my location even tho I have turned off location use?
For example, this is a list of "ved" paraneter of the same website url, but from different countri… Continue reading What does the "ved" parameter in a google search refer to? [closed]
I’m communicating with a job headhunter over LinkedIn and he sent me an e-mail containing information about a position. However, I noticed that all of the hyperlinks in the e-mail (even the one on his e-mail address) had very strange URLs… Continue reading Suspicious hyperlinks (all hex URLs) in e-mail
As I see in this answer that cryptographically secure randomness is a must in user activation urls such as:
https://example.com/user-activate/^random_string^
But what are considered best practice regarding:
The length of the random strin… Continue reading How big must the random string be and how long should a user activation link be available?
As I see in this answer that cryptographically secure randomness is a must in user activation urls such as:
https://example.com/user-activate/^random_string^
But what are considered best practice regarding:
The length of the random strin… Continue reading How big must the random string be and how long should a user activation link be available?