/explore

Click through on any links that interest you or select the planets on the right to continue exploring the Outer Web.
You are here

chefsecure.com
| | www.michalspacek.com
4.5 parsecs away

Travel
| | Stealing session ids from phpinfo() output has been a known technique for some time, and is used to bypass the HttpOnly attribute, which prohibits JavaScript from accessing a cookie marked as such (e.g. PHPSESSID). Ijust now thought of a solution that allows you to keep your phpinfo(): we'll simply censor the sensitive data, making phpinfo() lose some of its value to the attacker.
| | m417z.com
4.8 parsecs away

Travel
| | This is a story about Technion Confessions which begins with me being curious about the identity of the Technion Confessions admin, and ends up with me satisfying my curiosity by using an XSS vulnerability in the Technion course registration system and social engineering.
| | neilmadden.blog
3.2 parsecs away

Travel
| | A message I'm very used to seeing - but does XSS have to mean game over for web security? There's a persistent belief among web security people that cross-site scripting (XSS) is a "game over" event for defence: there is no effective way to recover if an attacker can inject code into your site. Brian...
| | filipnikolovski.com
30.0 parsecs away

Travel
| A blog about programming, technology and open-source stuff.