I'm wondering if my ASP.NET Web API had an XSS vulnerability as my
controller didn't have a method to handle the default GET call.
Without the GET method being handled in the code a call
to /api/mycontroller/?<script>alert('hi');</script> would
result in: {"Message":"No HTTP resource was found that matches the
request URI 'http://localhost:8888/api/mycontroller/?'.",
"MessageDetail":"No action was found on the controller 'MyController'
that matches the request."} Note that

I'm trying to XSS a search field and my attack vector is getting
reflected like this: <input type="text" id="txtRpHiddenKeyword"
style="display: none;" value="ATTACK VECTOR HERE" /> Only
double-quotes are allowed and angle brackets are encoded, therefore I
can only use event handlers to execute my JavaScript. Problem is that
display is set to none, therefore onMouseOver, onClick etc. won't work,
so my question is: are there any other event handlers that apply to
hidden elements?

I have a hash thingy I am trying to decode and I have done relatively
little with encryption, though I would like to try to learn some
more. The hash is: 1YMTpavsFq7ykllC3CCsg3e1li31re1nROxuW1wqIqpk and I
have no clue what to look for. I already tried MD5 (it failed) and I
am going to try AES256, SHA-256, and AES-CBC. I believe it may have
something to do with SSL, though I'm not sure. EDIT: I believe this may
affect the decryption of some data that
followed: U2FsdGVkX18yMLwr6K3OxZrCLbKMDPi+

Greetings. How much can I depend on Tor for anonymity? Is it completely
secure? My usage is limited to accessing Twitter and Wordpress. I am a
political activist from India and I do not enjoy the freedom of press
like the Western countries do. In the event my identity is
compromised, the outcome can be fatal.

I'm trying to configure ssh agent forwarding. The workstation that
starts the connection is a Windows machine, the intermediate and second
hosts are Linux. On Windows, I managed to make it work using Pageant.
But I don't like the fact that once a key is loaded, there is no way to
lock it and force a user to re-enter his password after a few seconds
for instance. So I tried to open the private key using PuTTY (Menu
"Connection - SSH - Auth"), without Pageant. This would be a good way
to do it because y

We use Google Authenticator and SMS for two factor authentication.
Should we allow the administrators of the site to turn off TFA for
users? Google Auth uses SMS as backup option but SMS does not have a
backup and when the user cannot receive SMS for whatever reason he/she
cannot login. I know we can backup SMS with voice calls but these
situations might still arise.

Is it possible to steal a non-secure Cookie (Secure Flag is false)
when the Web Server (IIS) only allows Https?

I'm in charge of a product security in our US based startup and I plan
to use NaCl for encryption (well, Sodium, actually). I'm trying to
navigate the labyrinth of US export regulations - something I never
dealt with before. By now I'm aware that encryption export from the
United States is governed by the EAR and BIS. This latter classifies
software containing encryption, and assigns each product to an ECCN
(export classification control number) category. I'm not asking for
legal advice he

I am new to cryptography, and while learning, different questions pop
up in my mind. Here is one of them. For someone who has a key and
ciphertext, is it possible to find out what encryption algorithm was
used?

I am wondering if it is safe to send "id token", which is one of the
items that are result of authenticating a user using Google Open Id
Connect, to the client and use it for further authentication. The other
item that is significant is the access token. My idea was to send the
id token to the client, and keep access token only on the server, so
that when a user comes next time to the website they can "present"
their "id token" and be considered as logged in. I was wondering if it
is a bad i

2018 © BigHow