Questions tagged [client-side-attacks]

Cross-site scripting (XSS) is a type of computer security vulnerability typically found in web applications. XSS enables attackers to inject client-side script into web pages viewed by other users. A cross-site scripting vulnerability may be used by attackers to bypass access controls such as the same-origin policy. -Source Wiki

56 questions
1
vote
1 answer

Python sharing a process or how to make an efficient brute force

I need to share this process by 16 processes. I am purchasing a parallella board for it which has 16 cores and runs at 90gflops. I am not going to do anything illegal. Just to prove my point that the use of password with 7 digit integers is way too…
P.Andrews
  • 73
  • 1
  • 14
1
vote
4 answers

Radio buttons and checkboxes. Prevent changing of the value attribute

So you have a checkbox or a radio button with a predefined value to be sent to the database: But someone or a script, with bad intention can easily change the value of your checkbox/radio…
agaezcode
  • 168
  • 2
  • 2
  • 15
1
vote
1 answer

Nodejs is based on javascript, is there a possibility the user can hack the code

For my understanding, I want to know if, since NodeJS is based on JavaScript, is there a possibility the end user can hack the code in a way that causes a security vulnerability. What I mean is since the NodeJS is JavaScript, and JavaScript…
RONE
  • 5,415
  • 9
  • 42
  • 71
0
votes
0 answers

How to detect cyberattacks to websites on ASP.net C#?

I have a challenging question to ask. Is there any way to detect cyberattacks and security breaches on asp.net website using C# codes and without using CloudFlare Services? I used the methods to collect error logs from the website and the server to…
0
votes
0 answers

Network hacked - am I affected

The whole university network I am in was hacked and several computers were affected. On those computers files were encrypted. However, most of the affected computers ran Windows, while I am running Arch Linux. Is there a way to check whether my…
cerv21
  • 311
  • 1
  • 2
  • 11
0
votes
1 answer

Ways to secure API that do not require authentication, to be called only from one pre-defined consumer

I have currently developed a backend app that has some important functionalities. I want to consume my backend endpoints from my frontend but I want to be sure that only my frontend calls the backend endpoint and no other. Currently anyone that…
0
votes
0 answers

I saw in my server logs requests to "/?1=". What is this? Some sort of an attack attempt?

I saw this "/?1=" in two different apps I have. I have seen some weird stuff before and found that those are attacks targeted at WordPress which I never use. So, I wonder if this request is another weakness something else has.
wormius51
  • 1
  • 1
0
votes
1 answer

Stop api abuse before user is authenticated

We have an Android app. Users need to login using sms based OTP before app can be used. Our request for OTP is public API. Attackers have started to abuse this API. 10x more API calls as compared to actual users. What are the different ways this can…
0
votes
1 answer

XSS PoC: Hide Rendered Characters in DOM

I've started playing with XSS to better improve my security posture at work. I've been able to successfully exploit a reflected XSS attack using a redirected POST form, but I can't seem to remove the extraneous characters displayed on the page. I've…
FuegoJohnson
  • 372
  • 6
  • 18
0
votes
1 answer

What are the things that need to be considered while deleting a resource through api

Consider a simple resource like products of web application. If someone gets hold of access token and the resource id they can easily delete a resource. How can we protect against such attacks?
arya.s
  • 111
  • 2
  • 11
0
votes
1 answer

What attacks can be performed on victim's machine after socket connection?

I have an assignment where I need to implement three attacks after socket connection with python. I already did socket connection and implemented ransomware and key logger. I need one more attack implementation. Can anyone suggest me one attack that…
Ekiddy
  • 3
  • 4
0
votes
1 answer

How to protect AJAX or javascript web application

This is a simple function that uses AJAX and gets information about an image in the database with id=219 when a button is clicked. Anyone loading this webpage can change the javascript code by going to the source code. Then by clicking the button he…
0
votes
1 answer

How can I prevent Clickjacking attack on my Prestashop website?

I added the in header.tpl file, but it is not working and throws an error. X-Frame-Options may only be set via an HTTP header sent along with a document. It may not be set inside . And I also added…
0
votes
0 answers

Possible attack on mysqlServer ErrorLogs

Asking a question to you guys : I have my MysqlLogs with 200 000 + [Note] Access denied for user 'root'@'122.224.33.184' (using password: YES) With multiple Usernames ( Magento / root / Admin / user / developper /dev etc... ) the pick goes from 0…
0
votes
1 answer

How to abuse XSS with specific criteria or filters?

I have found a web app that is vulnerable to XSS, and can get some javascript running using an img tag, however the method I am using destroys the rest of the page, as they are using some filters to attempt to stop it. The filters I have detected so…
frosty1
  • 13
  • 2