Collaborate Disseminate
Context: I received an email claiming an order has been shipped for a service that I am subscribed to but did not believe was due for renewal. I panicked and clicked to preview the attached invoice pdf (I previewed it using GMail’s viewer,… Continue reading Do I need to worry about infection from a .PDF from an untrusted sender previewed within GMail?
NOT a duplicate of: NoScript: How to determine which sites/scripts to whitelist?
The above referenced question and its answers focused on how to "gauge the trust" of the various sites that provide scripts. This is hugely valuab… Continue reading Noscript: Where in the browser’s ‘inspector’ can I correlate a script source site with specific page functionality
I spotted that there is no_of_login_attempts in browser Local Storage. I can easily edit it to 0 and then successfully login. So, what’s the point of keeping that info in client side(browser)?
Continue reading Its good idea to store number of login attempts in browser cache?
Since we are accessing Gmail from the Edge browser, Microsoft could have access to the Gmail password. Theoretically, Microsoft can track this password along with sending it to Gmail servers. What prevents Microsoft from tracking password … Continue reading What prevents a browser from saving and tracking passwords entered to a site?
I’m wondering: when the user changes their password or their e-mail address, should I expect the current password in the request body and verify it at my backend? The advantage seems to be that a stolen JWT doesn’t suffice to steal one’s i… Continue reading Changing credentials: Should I send the password next to the JWT?
I have a question which I didn’t find an answer for :
I have a request like https://mywebsite.com/redirect/**any website to redirect to it**
In the backend, there is a check, where if the website the redirect goes to is the same domain/sub… Continue reading I have an open redirect but it requires referer header
For example I am using the newest version of firefox and want to upload some pdf files to be merged into one at one of the website used to merge pdf. Would it be possible for the website to also upload some other something else in my folde… Continue reading Is it possible that a website is built in such a way that when I upload a pdf to the website, something else in my folder will also be uploaded?
There are several forks for Firefox like for example the Mullvad browser claiming to be a more privacy-friendly alternative to Firefox.
I do believe that the Mullvad browser does provide more privacy, but I am wondering if using a fork lik… Continue reading Using a Firefox fork like Mullvad browser more secure? [closed]
I read the network+ and basic linux , a little java script(i reading), html, python
But whenever I read vulnerability
I dont understand
I dont know where to work on vulnerabilities, what tools to work with, or I dont know which vulnerabili… Continue reading i need help in the web application
Is there a way to spoof browser fingerprint without websites being able to tell you have done it? This includes spoofing most or all types of known browser/device fingerprints such as canvas, audiocontext, etc and being able to pass the pi… Continue reading How to spoof browser fingerprint without it being obvious?