Posts Tagged ‘Web Application Security’

Using Cookies For Selective DoS and State Detection

August 22nd, 2010 No comments

28 posts left….

This is a continuation of the first post, where we described how you can use cookies to DoS certain portions of the website. After our speech, one of the Mozilla guys came up to us and described another attack that arises from this. Let’s say when a user logs in it sets a cookie that is 200 bytes long, and when they log out it re-sets the same cookie to 50 bytes. Well, if the attacker can set a cookie with a particular path to a single image on the site, for instance, they can use JavaScript to check with an onerror event handler to see if the image has loaded.

Using Cookies For Selective DoS

August 22nd, 2010 No comments

Quick Proxy Detection

August 21st, 2010 No comments

32 Posts left…

Just a quickie post on how in Firefox you can detect proxies using image tags. Firefox (and possibly other browsers, but I first saw it in Firefox) uses [ ] to denote IPv6 (I believe that’s its original intention anyway), but it also works in IPv4.

The Top 10 Web Application security vulnerabilities

September 30th, 2009 No comments
