Collaborate Disseminate
I wanted to know if it is possible to exploit the fact that in my webapp the Referer header of a request is being reflected in the response.
For example:
GET /endpoint1 HTTP/2
Host: mysite.com
Cookie: session=3276372
Referer: evil.com
As a bug bounty hunter, I was looking for more resources about JSON and sanitazation.
I stumbled accross this type of vulnerabilties:
JSON injection link
JSON data type input manipulation (ex: boolean; true or false working on any input)
… Continue reading about JSON hacking [closed]
Why ChatGPT is not allowing to intercept the traffic in BurpSuite? What type of security they are using to detect it and not allowing it? As soon as I turn ON foxyproxy (intercept still OFF) I get 403 Forbidden response. I want to learn ab… Continue reading How to intercept ChatGPT requests/response in BurpSuite? [closed]
Let us assume that we have a public API, for example, company.com/publicEndpoint, that can accept requests from any source. Various websites, like foo.com and bar.com, use JavaScripts that call this endpoint to retrieve a list of strings, … Continue reading Is there any secure way to make sure that a request comes from a browser and via a specific domain (by just using frontend)?
Currently I am working on an application that requires secret keys to encrypt and sign information generated by the client and transmited over the wire, these keys are granted per user.
Currently when the user logs in, the keys are downloa… Continue reading In a web application, what would you consider the best way to store secret keys obtained via an SDK?
On Telegram, I discovered a bot that performed this task and later added further features.
Continue reading chatgpt can be released to answer "prohibited information" [closed]
I need to prepare my web app for a penetration test. The scenario is: If one of our windows users is hacked, what can the hacker do to my app and my database?
I have a virtual machine on our server, which holds a SQL Server Express and a d… Continue reading How to secure a SQL Server database (windows auth) against a network windows user (penetration test)
I would like a comprehensive explanation of the security and privacy risks that come with DNS prefetching. There are already other posts about this topic, but I want current information and feedback on my concerns. Thanks in advance.
The H… Continue reading How does DNS prefetching endanger security/privacy?
I’m developing an ASP.NET Core 7 MVC Web App. I’m using ASP.NET Core Identity library to manage user and role data. I am considering using SQLite for keeping Identity information, separate from my actual database which is a PostgreSQL data… Continue reading How Secure Is It to Use SQLite for Identity Storage in a Web App
I want to render my app menu hover with WebView Page
I can able to run webview from js function window.open or Cordova.open
But its coming without App slide Menu, how to achieve it?
Slider Menu with Window.open Webview?
I have directive m… Continue reading How to display ionic menu hover with WebView?