Questions tagged [websecurity]

The following topics can be tagged with this:
  • Cross-Site Scripting (XSS)
  • Local File Inclusion (LFI)
  • Remote File Inclusion (RFI)
  • Remote Code Execution (RCE)
  • PHP Code Injection
  • HTTP Protocol Violation
  • Shellshock
  • Session Fixation
  • Scanner Detection
  • Metadata/Error Leakages
  • Project Honey Pot Blacklist
  • SSL-related questions
Link to learn more: https://owasp.org/
Some questions or definitions: https://techletterbox.com/2020/02/08/web-security/

380 questions
0 votes, 1 answer

Can SVG have malicious content?

I don't know many details about the SVG standard and its extensions. But I've read that SVG images can execute some scripts. Is it safe to display any (user-uploaded) SVG image on a site?
kravemir
0 votes, 1 answer

How to get unsafe-eval compliant Fabric js and lodash js

I am using lodash and fabric.js in my application, but both are not compliant with Content Security Policy (CSP). The error shown is: Uncaught EvalError: Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the…
Aju John
0 votes, 0 answers

Resetting WordPress salt gives 503 error

I've recently taken over a friend's website that has been hacked. A lot of additional pages were added by third parties. So I did the usual: change passwords to something secure, remove unused themes and plugins (there is no backup so I can't…
0 votes, 1 answer

Ignoring path in WebSecurity config in Spring

I have the configuration @Override public void configure(WebSecurity web) throws Exception { web .ignoring() .antMatchers("/base/**"); } And I want to include for view from all paths just this path…
user6216601
0 votes, 1 answer

Security of writing/retrieving data from JS through PHP

I have a web app that lets users make todo-lists, save them to the server and retrieve them by id (no login/user session, only id, so if you guess the id...). The ID is passed from Jquery to PHP via POST. If the ID is correct and not…
-1 votes, 0 answers

Sign Up/Login Session and Localstorage

I am working on a website right now, to be more specific on the sign-up/login functionalities. When it comes to the sign-up, I have 2 forms, but the data isn't saved when switching to the other one. So my question is whether it is OK to save such…
Nico
-1 votes, 1 answer

Can eval() be made safe by pre-parsing the passed expression?

I understand at a high level why one would not want to allow arbitrary code to execute in a web browser via the JS eval() function. But I wonder if there are any practical approaches to preventing attacks by parsing the code that is passed to eval()…
Erik Hermansen
-1 votes, 1 answer

How do I find malware in my WordPress directory?

What are the most common hack files you would find in your WordPress directory? So far I have found huh.php, 365.php, le.php, back.zip, login.zip and a folder /pp with a bunch of fake PHP files. What else should I be looking for?
-1 votes, 1 answer

SSL: how to forward the link of a website to the SSL-included version?

I have a little question about SSL. I have a website for which we have purchased SSL and made some rewrite rules in web.config. But the problem is, sometimes we cannot redirect to the https version. When we type the domain with https, it works perfectly,…
Baris
-1 votes, 1 answer

Is http to https port forwarding a vulnerability?

I work in an organisation where a TMG server with port forwarding has been used successfully for a number of years to forward all http traffic to https for a particular web application. This meant that http or https would work on URLs for that web…
dev123
-1 votes, 1 answer

Do www and non-www domains have different SOP?

I came across a book named 'Mastering Modern Web Penetration Testing' by Prakhar Prasad. It states that http://example.com and http://www.example.com are two different domains and will not follow SOP (same-origin policy). Now, I need to know what…
-1 votes, 1 answer

Cisco AnyConnect "web security unavailable" - Mac OS High Sierra & Mojave

After upgrading my Mac OS to High Sierra or Mojave I've got this error message "web security unavailable" with a big red X in the menu icon
Claude COULOMBE
-1 votes, 1 answer

How does CSRF get access to information of some website to exploit security?

I have been trying to learn about CSRF attacks. I know that it uses the credentials from a session of a valid site and uses that session information from another site to make requests to the valid site. I want to know how anyone can access the…
pramesh
-1 votes, 1 answer

ASP.Net: How to prevent runpage in _PageStart?

In _PageStart.[vb/cs]html, how do I prevent the requested page from running? Example: in _PageStart you check the roles of the authenticated user, and if they are not in your special role, a message is shown instead of running the page. My code in…
PurTahan
-2 votes, 1 answer

Werkzeug password encryption

I am trying to encrypt a password using the werkzeug library. I don't know why I am getting pbkdf2:sha256:600000 for every password I try to encrypt. Here's my code: import werkzeug # from hashlib import pbkdf2_hmac x =…