Collaborate Disseminate
Hi i´m a frontend developer and next week we will have a security audit i need to be sure that frontend side is secure and dont have vulnerabilities, so my question is, ¿What would you recommend or wich topics do you know about frontend se… Continue reading Security frontend side
There’s a webstore that i am trying to find a XSS vulnerability for BUG BOUNTY.
On that store is a search bar that i can send anything
https://www.examplestore.com/blog/?s=</title><script>alert(1);</script>
But even if i… Continue reading Why can’t we close some tags for cross site scripting purposes?
I was wondering if a stored cross-site scripting attack is possible if the user input is not saved.
If a website is vulnerable to an xss attack, can someone put in a code or something that stores a script?
Continue reading is a stored xss possible if user input is not saved?
Introduction:
We heavily use external libraries, such as DataTables, in combination with interpolation. In Angular, we’ve identified two primary XSS prevention strategies:
Interpolation ({{ }})
Direct Sanitization with DomSanitizer.saniti… Continue reading Security in Angular: Addressing XSS Concerns with External Libraries and Interpolation
In the book Javascript for hackers, Gareth Heyes overwrites the window.onerror method with eval, used to execute a function.
From my understanding, the following snippet run in a browser console should pop up an alert with the number 1337…. Continue reading How to abuse the onerror method to get XSS?
I’m looking for a list of some (or if possible all) of the different Unicode variations of quotation marks that browsers actually interpret in HTML/JS that would let me break out of a method and deploy an XSS payload. The closest I can fin… Continue reading For XSS what Quotation marks can be used?
Have some confusion regarding safe sinks in javascript.
The DOMpurify library linked in the OWASP article does not explicitly mention the .files and .valueAsDate of an HTMLInputElement as safe sinks, but the more common .value is a safe si… Continue reading Safe Sinks js confusion
Orca Security details eight XSS vulnerabilities in Azure HDInsight that could lead to information leaks, session hijacking, and payload delivery.
The post Azure HDInsight Flaws Allowed Data Access, Session Hijacking, Payload Delivery appeared first on … Continue reading Azure HDInsight Flaws Allowed Data Access, Session Hijacking, Payload Delivery
By Waqas
Key Findings ProtonMail, a popular Swiss-based email service that markets itself as a secure and private alternative to…
This is a post from HackRead.com Read the original post: ProtonMail Code Vulnerabilities Leaked Emails
Continue reading ProtonMail Code Vulnerabilities Leaked Emails
What are the risks to allow a "blob:" directive to the script-src CSP? Is it safe?
I have a list of allowed domains defined in script-src, but nonetheless I got an error specifying the violation of the CSP directive when trying t… Continue reading CSP script-scr blob