Collaborate Disseminate
Is there a security impact if a server passes the URL to the backend unfiltered, what attack can be mounted exploiting that? The server does require authentication of every request.
Continue reading What is a security issue with not checking URL parameters
Reading about open-redirection from web application hackers handbook came across a test case in which the server-side is validating user supplied data that the application uses to set target for redirection by following rules
URL provided… Continue reading How following URL’s will get open-redirection?
Today I noticed something strange.
I got an email containing a link that links to another site than the text says. In (Simple) HTML, the review is visible when hovering over the link.
However, in plaintext, in 3 out of 4 mails only the a.c… Continue reading Link test differs from link location in plaintext view is not visible in Thunderbird
I’m trying to intercept and decipher scripted code that is sent to a previously installed Windows application, after a user have clicked on a particular URL in their web browser which is somehow returning a MIME response that is intercepte… Continue reading How to intercept application specific MIME types used by 3rd party (Windows) browser/plugins apps?
What are the tools that a cyber security analyst needs to analyze the URL to determine if it is a suspicious/Malicious one.
Continue reading Tools to analyze if the URL is suspicious/Malicious? [closed]
Imagine I have this URL:
https://media.st.dl.pinyuncloud.com/apps/xyz/images/abc/
It exists and results in error 403, which means it exists but I cannot access it due to no privilege.
I want to bruteforce and find all the directories like… Continue reading Bruteforcing URL to find directory [closed]
I am working on the auto-routing functionality of Codeigniter 4 and I’d like to test it by sending some nasty exploit-type HTTPS requests to make sure it properly resists mischief. E.g., request a uri with .. in the path to see if we might… Continue reading How to create custom exploit https requests to test a PHP framework
We have done vulnerability analysis with third party security team. They have mentioned one point as critical findings but i don’t understand risk associated with it and suggested remedial action also bit confusing.
Finding : Same web appl… Continue reading What are the risks associate with accessing Same web application with two different URLs?
A website hosts private/personal information at a very long and unpredictable URI, yet access to this URI is completely unauthenticated. Are there any major security issues with this?
I can think of some straight away:
Search engines migh… Continue reading Security implications of protecting private data with a long URI exclusively [duplicate]
Microsoft made an embarrassing goof in the release notes it published for the Patch Tuesday security updates it issued earlier this week. Continue reading “Microosft”. Patch Tuesday goof points users to typo-bait website