webserver – Page 2 – WindowsTechs.com

When viewing a hotlinked Google image preview, is the IP address of Google’s server recorded on the original site?

Posted on September 2, 2024 by Innodesign

When I click on a Google image thumbnail to view a larger preview, I understand that the image is hotlinked from the hosting site.
In this case, when I view the hotlinked Google preview image, is my IP address recorded by the original site… Continue reading When viewing a hotlinked Google image preview, is the IP address of Google’s server recorded on the original site?→

Understanding Search Behavior on a Website [URL Encoding and Query Handling] [closed]

Posted on July 18, 2024 by Rudra Das

I’m currently testing the search feature on a website, and I’ve encountered an interesting behavior. The site displays the search query in the page itself, even if it’s an XSS payload (although it doesn’t trigger any XSS). Here are the det… Continue reading Understanding Search Behavior on a Website [URL Encoding and Query Handling] [closed]→

Execution profile for web server

Posted on May 19, 2024 by und3rd06012

I would like to know if there is a way to run an app to exhaustion in terms of all possible outcomes that it can provide.
What do I mean by that:
Let’s assume that someone has an (Apache) HTTP Server. What I am trying to do is to create pr… Continue reading Execution profile for web server→

JSON array payload POC for CVE-2022-24999

Posted on May 8, 2024 by cis

I’m currently exploring if one legacy project is vulnerable to CVE-2022-24999
I found a very helpful GitHub repo with POCs
However, in my case, I need to check if a payload passed in a JSON body to a POST request would get through. The rep… Continue reading JSON array payload POC for CVE-2022-24999→

Command Injection in URLs. Are response codes foolproof indicator of true/false positive?

Posted on May 1, 2024 by jakechowder

Take this HTTP request as an example.
GET /directory/blahblah/ping%20interact.sh
Say this request receives any 3xx, 4xx, 5xx HTTP response code. Is it likely or even possible that a backend web server process this request and pings interac… Continue reading Command Injection in URLs. Are response codes foolproof indicator of true/false positive?→

Command Injection in URLs. Are response codes foolproof indicator of true/false positive?

Posted on May 1, 2024 by jakechowder

Is There a way to exploiting / Make exploit scenario for Header based reflected XSS?

Posted on April 7, 2024 by 0xdead 4f

I’ve found a reflected XSS, but the problem is that the attack vector is the header (any header). Is there a way to develop an exploit scenario based on this?

Continue reading Is There a way to exploiting / Make exploit scenario for Header based reflected XSS?→

What are the reasons for CORS failure errors to not be available to JS?

Posted on April 5, 2024 by Ooker

From Cross-Origin Resource Sharing (CORS) – HTTP | MDN:

CORS failures result in errors but for security reasons, specifics about the error are not available to JavaScript. All the code knows is that an error occurred. The only way to dete… Continue reading What are the reasons for CORS failure errors to not be available to JS?→

Benefits of random responses to exceptions over generic error responses

Posted on April 1, 2024 by n-l-i

Attackers can send requests with data that the server does not expect in order to try to get responses that reveal secret data. One common example is when the server experiences an exception. A poorly configured server might include a deta… Continue reading Benefits of random responses to exceptions over generic error responses→

Webserver Runs on Android Phone

Posted on March 28, 2024 by Bryan Cockfield

Android, the popular mobile phone OS, is essentially just Linux with a nice user interface layer covering it all up. In theory, it should be able to do anything a …read more Continue reading Webserver Runs on Android Phone→