Collaborate Disseminate
Everyone with half a mind for security will tell you not to click on links in emails, but few people can explain exactly why you shouldn’t do that (they will usually offer a canned ‘hackers can steal your credentials if you do’ explanation) Cross-Site … Continue reading Tackling cross-site request forgery (CSRF) on company websites
How is it possible to block reflected XSS on common web servers, such as IIS, Apache HTTP Server and Nginx?
The Content-Security-Policy: reflected-xss filter doesn’t work on latest Chrome and X-XSS-Protection was removed from latest Chrome… Continue reading Blocking reflected XSS on common web servers
I’m testing a web app (for which I have permissions) and I found a stored XSS vulnerability.
It is a little bit tricky to exploit because the input:
is being capitalized
it has a length constraint of 61 characters (every char over the 61t… Continue reading Stored XSS Cookie Stealing – shortest payload
I’m studying and I really need some help, I’ve this code:
$param1 = strip_tags($_GET[‘var2’], ‘<>’);
I’m trying all kinds of things, like:
$_GET[‘var2’] = "Hello <img src=x onerror=confirm(1)"+"\xA9";
OR
$_… Continue reading XSS strip tag bypass [closed]
Is it possible to perform an SQL injection inside an XSS attack?
And if so, where can I find information on this or some examples?
As part of bug bounty, I have a PATCH request to the API to change my name.
I can post theses chars:
:
;
‘
*
`
=
#
/
[
]
(
)
This is the HTML result :
data-cy="label-input__input" value="My injection :;’*`=#/[]()" clas… Continue reading Is possible ot create XSS with theses chars?
Is it possible to read and extract HTTP request headers via JavaScript?
i.e. something like;
var req = new XMLHttpRequest();
req.open(‘GET’, document.location, false);
req.send(null);
var headers = req.getAllResponseHeaders();
console.log(… Continue reading Is it possible to read and extract HTTP request headers via JavaScript while performing XSS & CSRF? If so, how?
As a security engineer, I wonder about the common approach for web app 3rd party JS dependency vulnerability management. We have a lot of apps depend on Jquery etc. In a regular vulnerability scan, old versions of JS libraries (which alot … Continue reading web app 3rd party JS dependency vulnerability management
I have located an issue where the user can provide an HTML that will be rendered on a page. Unfortunately, the HTML is rendered inside an href attribute using "(quotes), making it impossible to exploit such scenarios as:
<a href=ht… Continue reading Will javascript execute which is in an HREF?
If I put a breakpoint on a Javascript function when I visit a web page and I examine a JS variable that variable contains the cleartext password just for a brief period of time.
I found an XSS and I want to access to the content of that va… Continue reading Access to a js variable which visible for a brief period of time via XSS