Collaborate Disseminate
I was reading some stuff about HTTP2/HTTP3 and I was trying to understand, where can i see these two types of HTTP in action?
For example, will HTTP2 be more common to see on a simple website like a blog or webpage and HTTP3 will be more c… Continue reading Where can I see HTTP/2 and HTTP/3 in action? [closed]
I want to know client information when accessing my website as an identifier so I can filter who are deserve to access my website.
So far I only know this useful information from client those are User-Agent and Client Public IP Address.
Wh… Continue reading What are the most common client info when accessing website?
I tried the below command using gobuster with the option ‘-x’ and tried to pass a list of extensions in a file:
gobuster dir -u TARGET_URI -w /usr/[…]/dirb/common.txt -x /usr/share/[…]/raft-small-extensions.txt
When I tried the above … Continue reading How to pass a list of extensions as a file to enumerate files/directories based on extension using gobuster? [closed]
It’s the holiday season, and what better way to celebrate than to carve out some generative snowflakes on your laser cutter? [Bleeptrack] has developed a web-based tool that creates generative …read more Continue reading Laser-Cutting A Flurry of Generative Snowflakes
I created this flask script where it locks a page and looks to see if the code is correct, if its correct they get access, but if not it says incorrect code try again.
This is my code
from flask import Flask, request
app = Flask(‘app’)
@a… Continue reading Could my flask code be exploited in any way? [closed]
Context
A small web application with REST API and postgres as db, that has users, documents and teams. A user can do basic CRUD operations on document.
A user is always a part of a team. A team is generated on user signup. A team has at le… Continue reading Any obvious pitfalls of modeling access control policies using subject, scope, object?
I was trying to exploit the constantize method in ruby for remote code execution. for example I have this line code:
@mygroups = params[:group][:type].constantize.new(params[:group])
and in the request I sent the following payload:
group%… Continue reading ruby on rails constantize exploitation
I was solving a CTF. Just reading the source code of the web page, I found a vulnerable piece of code:
var r4c='(.*?)’;
var results = location.hash.match(‘token\\(‘+r4c+’\\);’);
I am unable to match any string with ‘token\\(‘+r4c+’\\);’… Continue reading XSS in location.hash.match() function
I’ve read about the XST attack, but the demonstration is just using a CURL or change the HTTP method to "TRACE" in the request.
Could anyone show me the POC/demo of how the attacker could stole victim’s cookie using the XST vulne… Continue reading take advantage of XST attack to steal other user’s cookie
I am still a beginner in web vulnerability. While I was browsing on the internet I saw a challenge inspired by a real life security crisis. We are given a pcap of a malware infection that was done in 2014 (Neutrino though adobe Flash).
App… Continue reading Adding a script tag after the html closing tag