Outer Web | Explore

Explore >> Select a destination

You are here		blog.atx.name Don't just bind to localhost - atx
\|	\|	nv1t.github.io ProjectSend - Stored XSS to Account Takeover	5.3 parsecs away Travel
\|	\|	I've identified a security concern within the self-hosted file sharing tool ProjectSend in the current version r1605. By exploiting a chain of vulnerabilities - including Cross-Site Scripting (XSS), Insecure Direct Object Reference (IDOR), and weaknesses in its change password implementation - an authenticated attacker can force a logged-in user to unknowingly change their account password, by clicking a link. But let me explain the attack in detail.	5.3 parsecs away Travel
\|	\|	ananthakumaran.in Tracing HTTP Requests with tcpflow · Anantha Kumaran	3.4 parsecs away Travel
\|	\|		3.4 parsecs away Travel
\|	\|	aarol.dev How do HTTP servers figure out Content-Length? - aarol.dev	2.9 parsecs away Travel
\|	\|	Anyone who has implemented a simple HTTP 1.1 server can tell you that it is a really simple protocol. Basically, it's a text file that has some specific ...	2.9 parsecs away Travel
\|	\|	shibumi.dev How I moved from Nginx to Caddy	27.1 parsecs away Travel
\|		How to move your nginx webserver configuration to a more modern webserver called caddy. Caddy has several advantages like automated TLS	27.1 parsecs away Travel