XSS payloads getting filtered but HTML tags are getting rendered. Can we exploit this? [duplicate]

I was trying to test a potential XSS vulnerability on a website. On the search bar I can see the filtering process happening i.e if I type script> (not with starting <) I can see the same in the searching column just below the search…

The ‘Groove’ Ransomware Gang Was a Hoax

A number of publications in September warned about the emergence of “Groove,” a new ransomware group that called on competing extortion gangs to unite in attacking U.S. government interests online. It now appears that Groove was all a big hoax designed to toy with security firms and journalists.

Beware poisoned Apple AirTags that exploit unpatched “Lost Mode” flaw

A feature in Apple’s AirTag location-tracking devices can be abused to deliver malware or steal credentials from the unwitting Good Samaritan who is trying to locate an AirTag’s genuine owner.

Read more in my article on the Hot for Security blog.

Ransomware gangs are starting more drama on cybercrime forums, upending ‘honor among thieves’ conventions

When ransomware group REvil reappeared in September after a nearly two-month downtime, its return was met with a less-than-friendly reception on the cybercriminal underground. Before going dark, the Russia-based gang attracted attention from the White House for two attacks that disrupted U.S. supply chains: the May breach at global meat supplier JBS that netted a reported $11 million payment, and a July hack on the software company Kaseya that immobilized hundreds of clients, some for months. REvil’s sudden disappearance left affiliates, the hackers who had been leasing the group’s ransomware tools to conduct their own attacks, in the lurch. Almost immediately, several affiliates opened arbitration cases against the group on illicit forums. One hacker, “Boriselcin,” claimed on the XSS forum that REvil owed him money before it disappeared. While the two parties quickly resolved the case, not all disputes end so quietly, according to researchers who study dark […]

The post Ransomware gangs are starting more drama on cybercrime forums, upending ‘honor among thieves’ conventions appeared first on CyberScoop.
