Collaborate Disseminate
How do I bypass a regex filter that filters all html to avoid xss? I’ve tried using things like <img src="aa" onerror="alert(1)"> but still no luck. This is for a CTF challenge btw.
The regex is: <[\s\S… Continue reading How do I bypass a regex filter that filters all html to avoid xss?
I’m researching AI-based solutions to detect malicious web requests. I recently found this paper, showing that those web requests containing attack payloads are mostly malicious SQL injection/XSS attacks.
They carried out URL parameter ana… Continue reading What reasons can result in legitimate long Web/HTTP parameter values? [closed]
A company controls a domain and all subdomains.
Apps running on client1.example.com and client2.example.com etc. each issue cookies named something like client1_example and client2_example to their logged-in users. Each cookie value is a u… Continue reading What are the risks of a user compromising another subdomain when domain controlled by one entity
I am trying to implement a case where a user provides us some html code which is then stored in our database. We then retrieve the HTML from our database as a string. (We have no control over the user input)
I try to embed this html using
… Continue reading srcdoc attribute of iframes as a source of XSS attacks
I am pentesting a website and I found that I can inject code at value=""
<input type="text" id="search_1" name="keyword" placeholder="Search by keyword" value="XSS?" class=&quo… Continue reading Is this potential XSS exploitable?
For a test to find vulnerabilities I found the following code in a page and I am looking for ways to manipulate it:
<script>
func({
"key1": "value",
"object": {
"key2": &… Continue reading Injection inside double quoted section of script element
Go and Java have "compile time constants", and JavaScript will soon get a feature that allows "Distinguishing strings from a trusted developer from strings that may be attacker controlled" via isTemplateObject.
These al… Continue reading Attack on a string created by a developer
I know that there are other recommendations like correctly encoding the JSON payload and using the correct content-type, however, my colleagues insist in that this is an additional good recommendation.
I have talked about potential double … Continue reading Is it a good and safe to recommend programmers that APIs always encode ‘<‘ in JSON payloads to ‘\u003c’ to prevent XSS?
I’m working on a website where there is going to be a lot of user generated content. As an WYSIWYG editor I’m using tinyMCE. As a template engine, I’m using ejs.
In order to prevent XSS I decided to use xss npm package.
I’m using these cus… Continue reading Is this enough to prevent xss?
I am having trouble finding information on the implications of using https: and data: as a source
for the directives in a CSP.
Example:
img-src ‘self’ https: data:;
Could someone some context around what these two sources mean and if the… Continue reading Content Security Policy https: and data: meaning