|
You are here |
chefsecure.com | ||
| | | | |
www.michalspacek.com
|
|
| | | | | Stealing session ids from phpinfo() output has been a known technique for some time, and is used to bypass the HttpOnly attribute, which prohibits JavaScript from accessing a cookie marked as such (e.g. PHPSESSID). Ijust now thought of a solution that allows you to keep your phpinfo(): we'll simply censor the sensitive data, making phpinfo() lose some of its value to the attacker. | |
| | | | |
m417z.com
|
|
| | | | | This is a story about Technion Confessions which begins with me being curious about the identity of the Technion Confessions admin, and ends up with me satisfying my curiosity by using an XSS vulnerability in the Technion course registration system and social engineering. | |
| | | | |
neilmadden.blog
|
|
| | | | | A message I'm very used to seeing - but does XSS have to mean game over for web security? There's a persistent belief among web security people that cross-site scripting (XSS) is a "game over" event for defence: there is no effective way to recover if an attacker can inject code into your site. Brian... | |
| | | | |
filipnikolovski.com
|
|
| | | A blog about programming, technology and open-source stuff. | ||