Explore >> Select a destination


You are here

chefsecure.com
| | www.michalspacek.com
4.5 parsecs away

Travel
| | Stealing session ids from phpinfo() output has been a known technique for some time, and is used to bypass the HttpOnly attribute, which prohibits JavaScript from accessing a cookie marked as such (e.g. PHPSESSID). Ijust now thought of a solution that allows you to keep your phpinfo(): we'll simply censor the sensitive data, making phpinfo() lose some of its value to the attacker.
| | neilmadden.blog
3.2 parsecs away

Travel
| | A message I'm very used to seeing - but does XSS have to mean game over for web security? There's a persistent belief among web security people that cross-site scripting (XSS) is a "game over" event for defence: there is no effective way to recover if an attacker can inject code into your site. Brian...
| | www.miguelxpn.com
3.3 parsecs away

Travel
| | XSS stands for Cross Site Scripting, it's basically when input is not properly sanitized somewhere and a malicious actor can inject unintended javascript somewhere. That javascript will be executed by some unsuspecting user's browser and then bad stuff can happen.
| | b.fl7.de
22.5 parsecs away

Travel
| I have found a Stored Cross-Site Scripting (XSS) vulnerability on Amazon.com. This post explains the issue and describes a possible venue of exploitation.