Collaborate Disseminate
I’m trying to solve a CTF challenge that requires me to obtain the admin cookie through XSS. Here’s the situation:
-Main form: When I enter any input, it gets reflected in the page, but it is inserted inside an HTML comment. For example, i… Continue reading XSS CTF – How to execute payload inside an HTML comment (blacklisted words & encoded characters)
My web application has been deployed using Apache 2.4.3 and PHP 7.4.2, and it is hosted on a public DNS.
I received an advisory from a security firm indicating that my web application is being exploited by a malicious domain. Upon investig… Continue reading URL Redirection from Malicious Domain [closed]
The malware includes four separate backdoors:
Creating four backdoors facilitates the attackers having multiple points of re-entry should one be detected and removed. A unique case we haven’t seen before. Which introduces another type of attack made possibly by abusing websites that don’t monitor 3rd party dependencies in the browser of their users.
The four backdoors:
The functions of the four backdoors are explained below:
- Backdoor 1, which uploads and installs a fake plugin named “Ultra SEO Processor,” which is then used to execute attacker-issued commands
…
Continue reading Thousands of WordPress Websites Infected with Malware
I’m currently making a tracker blocklist and I’m curious about how to detect tracking domains. I tried to find anything useful about how these act or how to detect them but still nothing. I’m currently using the infos given by my browser w… Continue reading How do tracking domains work, and how can they be detected?
Does letting a website use the fonts on my computer post any security or privacy threat?
Example from https://acrobat.adobe.com/ accessed via Chrome on Windows 11:
acrobat.adobe.com wants to
Use the fonts on your computer so you can cre… Continue reading Does letting a website use the fonts on my computer pose any security or privacy threat?
I am trying to make my own version of the kajeet smart spot https://www.kajeet.com/smartspots
basically, what I plan to do is get a GLINet mobile hotspot.
then I will connect it to something like twingate for remote management.
next, I pl… Continue reading making a project similar to the kajeet smartspot
The chances are overwhelming, that you are reading this article on a web browser powered by some form of the Blink or WebKit browser engines as used by Google, Apple, …read more Continue reading Dillo Turns 25, and Releases a New Version
I am trying to teach my students about race conditions on the web, and for that purpose, I am using a simple bank example, in which we transfer an amount from person A to Person B’s account. If we use Burp and send simultaneous requests li… Continue reading Race condition in Python [closed]
I am scraping a website that is allowing the scraping of data, but the problem is that some tags have comment values. how to scrape comment tags?
Continue reading scraping of commented tags is making scraping difficult [closed]
As developers, Do you care about cybersecurity? And why?
If you will buy a security solution that will secure your web application, what will make you buy it?
Do you even care?
What does cybersecurity look like in your mind? How do you see… Continue reading Developers and Cybersecurity [closed]