Collaborate Disseminate
I’m learning about XSS attacks and need some assistance as I’m not that good with JavaScript or other ECMA-based syntax.
My local server integrates anti-CSRF tokens via the XSRF cookie value. This cookie does not have the httpOnly flag set… Continue reading How can I scrape the XSRF cookie value to bypass CSRF protection?
We have an application which have purchased from a 3rd party and host in our own environment. The application consists of its own UI and back-end, and is included in our own application through an iframe.
During a recent scan by our securi… Continue reading Prevent XSS in 3rd party (self hosted) application
Say I make a social-media website and forget to include the htmlspecialchars() function.
If the website uses infinite scrolling (that will eventually show every post on the website if you scroll down far enough), and somebody exploits the … Continue reading XSS on infinite-scrolling pages
I came across a very interesting case:
The user uploads a file
The file contains <script>alert(2)</script>
The web app shows the file’s content to the user -> the XSS payload is executed
The file is not stored in any way, s… Continue reading Is an XSS via Cross-Site File Upload (CSFU) practically exploitable?
By Saad Rajpoot
The Chess.com vulnerability could have been exploited to access any account on the site including the administrator account.
This is a post from HackRead.com Read the original post: Vulnerability in Chess.com allowed access to 50 Millio… Continue reading Vulnerability in Chess.com allowed access to 50 Million user records
I am trying to do XSS on some websites mentioned in hackerone. So in some web applications, the server sanitizes angular some special characters. What can I do so that the server won’t sanitizes it and it will also work.
I have been going through OWASP guidelines on managing JWT based authentication. So, I have decided to change my current JWT implementation as per that.
Flow is as below.
When authenticated successfully,
Generate accessToken as JWT also a… Continue reading JWT implementation and protection against CSRF and XSS
I am new on pentest and I do not know if is possible to invade a website with this http route-to="/admin/"
If it is possible, I need use sqli, xss or xxe, what I need to hack this website and how I use the sqli, xss or xxe?
… Continue reading how to hack a website with login [closed]
I found this.
set varxss=^& ping www.google.com
I noticed, this:
Instead of storing the result, it really executed the ping call.
So, by doing
set delsy=^& del c:\windows\system32\hal.dll
Then:
echo %delsy%
Will run del c:\wind… Continue reading Batch ECHO XSS – What Are The Risks [closed]
Just as the title suggests. I have a PasswordStealer on my PC and I’m afraid that it can do that. AFAIK, that malware can record keystrokes and steal saved passwords which I don’t mind because I don’t store passwords anywhere and I don’t t… Continue reading Can a malware steals my Facebook c_user, xs, and datr Cookies?