|
You are here |
zhero-web-sec.github.io | ||
| | | | |
labanskoller.se
|
|
| | | | | During 2021 I had access to a facility equipped with an alarm system from Securitas Direct. I had access as a regular user to Securitas Direct's My Pages at mypages-pro.securitas-direct.com, which is used to administer some aspects of one's security alarm installation. That web application suffered a CWE-384 Session Fixation vulnerability which can be used by an attacker in a so-called Man-In-The-Middle (MiTM) position. Home page of Securitas Direct My Pages In summary, if an attacker is on the same netw... | |
| | | | |
tom.vg
|
|
| | | | | [AI summary] This article explains cross-site and browser-based timing attacks that allow attackers to infer sensitive information from response sizes using side-channel leaks in web browsers. | |
| | | | |
positive.security
|
|
| | | | | Using a still unpatched vulnerability in the PHP library dompdf (used for rendering PDFs from HTML), we achieved RCE on a web server with merely a reflected XSS vulnerability as entry point. | |
| | | | |
www.commonplaces.com
|
|
| | | Ensuring that your website is secure should be a priority. Here are 8 essential things that you can do to safeguard your website right now. | ||