typeofweb.com
innerHTML, or the most trivial backdoor to XSS | Type of Web
https://typeofweb.com/2016/09/11/innerhtml-furtka-do-xss
innerHTML, or the most trivial backdoor to XSS. A very common mistake, one I point out in practically every Weekly JavaScript Challenge, is the improper use of innerHTML. I wanted to devote this post solely to that property and to the risks that come from using it incorrectly. I will analyse a concrete piece of code from a submitted solution and show how to carry out a simple attack on it. Come along! The attack I will show here is called XSS. Bezpiecze...
urdusecurity.blogspot.com
Web Security | Pentest
http://urdusecurity.blogspot.com/2014/04/xss-chalenges-bypass.html
XSS Challenges bypass. Urdu Sec: Hacking, Pentesting, Exploiting. Saturday, 26 April 2014. Hello friends, I just want to share some of my solutions for the XSS challenges by Erling, and I hope you'll try to solve them by yourself too. The challenge returns '<script>console.log("' + s + '");</script>'. There is no encoding here, so I'm just going to close the log call and then call the alert function. Solution: ");alert(1)//
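The string-context injection from the challenge above, as an added example (this is not code from the blog post or from the challenge site). It places the vulnerable template next to a hardened one and runs both under a small harness that executes the generated script blocks with stubbed console and alert. The harness, the hardened template and the second, tag-closing payload are this editor's assumptions, not the post's.

```javascript
// Added example, not code from the post or the challenge: the JS-string
// injection from the challenge next to a hardened template, plus a small
// harness (constructed here) that executes the generated <script> blocks
// with stubbed console/alert so the outcome is observable without a browser.

// Vulnerable template, as in the challenge: `s` lands inside a JS string
// literal with no encoding at all.
function vulnerableTemplate(s) {
  return '<script>console.log("' + s + '");</script>';
}

// Hardened template (assumption: one correct fix, not the only one).
// JSON.stringify yields a valid JS string literal (quotes, backslashes and
// control characters escaped). `<` is then written as \u003c so the value
// can never close the enclosing <script> element or open another one; that
// escape is decoded by the JS engine, never by the HTML parser. U+2028 and
// U+2029 are escaped because older engines treat them as line terminators.
function hardenedTemplate(s) {
  const literal = JSON.stringify(String(s))
    .replace(/</g, '\\u003c')
    .replace(/\u2028/g, '\\u2028')
    .replace(/\u2029/g, '\\u2029');
  return '<script>console.log(' + literal + ');</script>';
}

// Harness: runs every <script>...</script> body found in `html`, split the
// way the HTML parser would split them, and records what console.log and
// alert observed. A syntax error in one block is discarded, as a browser
// would discard it, and the next block still runs.
function runScript(html) {
  const result = { logged: [], alerts: 0, errors: [] };
  const fakeConsole = { log: (...args) => result.logged.push(args.join(' ')) };
  const fakeAlert = () => { result.alerts += 1; };
  const re = /<script>([\s\S]*?)<\/script>/g;
  let m;
  while ((m = re.exec(html)) !== null) {
    try {
      new Function('console', 'alert', m[1])(fakeConsole, fakeAlert);
    } catch (e) {
      result.errors.push(e.message);
    }
  }
  return result;
}

// Payload from the post (closes the string, ends the statement, comments
// out the rest) and a second, constructed one that closes the <script>
// element itself, which string-level escaping alone does not stop.
const PAYLOAD_CLOSE_STRING = '");alert(1)//';
const PAYLOAD_CLOSE_TAG = '</script><script>alert(1)</script>';

// Stand-alone demo: the vulnerable template fires alert for both payloads,
// the hardened one logs each payload verbatim and never reaches alert.
for (const p of [PAYLOAD_CLOSE_STRING, PAYLOAD_CLOSE_TAG]) {
  console.log('vulnerable:', JSON.stringify(runScript(vulnerableTemplate(p))));
  console.log('hardened:  ', JSON.stringify(runScript(hardenedTemplate(p))));
}
```

The second payload is the check a practitioner wants after fixing the first: the HTML parser finds the closing tag before the JS engine ever sees the string literal, so quoting alone is not enough and the `<` must be neutralised as well.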
rephrase.net
The Whole World Burns
http://rephrase.net/momentary
The whole world burns. Bedford and the Normalization of Deviance. Fascinating article about a Gulfstream crash and the succession of seemingly unbelievable pilot errors preceding it. But these errors make sense in a culture where failing to follow correct procedures has been normalized: People within the organization realize that their seemingly normal behavior was deviant. Like typosquatting, but caused by bit-flipping. Interesting! History of the Movie Trailer. Incorrect application of JBIG2 compressi...
podlipensky.com
podlipensky - Author at Pavel Podlipensky
http://podlipensky.com/author/podlipensky
Published on June 9, 2015 by podlipensky. After taking Andrew Ng's class and reading a couple of books about machine learning, I finally found time to do something with it. This was my first Kaggle competition and it was really fun! The problem was to find robots in a penny-auction-style online auction. The data consists of a list of bid events (auction id, user id, time, IP, country) and a table with the bidder ids, the hashed contact and payment information, and whether the bidder is a robot or a human. Period 1...
friendsglobal.com
Playing with XSS | Security Ramblings
http://www.friendsglobal.com/xss/119
Want to learn more about XSS attacks? Well, the best way is probably to try some yourself. Here are two sites that offer XSS games that let you test and improve your skills: https://xss-game.appspot.com/ and http://escape.alf.nu. One of my favorite strings to use when testing for XSS during a pen test is the following: <iframe src="//www.youtube.com/embed/dQw4w9WgXcQ"></iframe>. BTW, to keep the link from rendering here, I had to HTML-encode < to &lt; and > to &gt;, and change the & in &lt; to &amp;.
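An added example serving two of the entries above (it is not code from either blog): the innerHTML post's point that untrusted text must be encoded before it is concatenated into markup, and this post's remark that showing an entity literally means encoding its & first. The comment template, the foreign-tag check and the sample inputs are constructed for the example.

```javascript
// Added example, not code from either post: HTML-encoding untrusted text
// before it is concatenated into markup destined for innerHTML, and the
// "encode & first" rule behind the double-encoding remark above.

// Entity map for the characters that matter in element-text and quoted
// attribute contexts. A single regex pass replaces each character exactly
// once, so the & of an entity produced for `<` is never re-encoded; an &
// that was already in the input (e.g. a literal "&lt;") becomes &amp;.
const HTML_ESCAPES = {
  '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;',
};

function escapeHtml(text) {
  return String(text).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// The vulnerable pattern the innerHTML post warns about: untrusted strings
// concatenated straight into markup that is then assigned to innerHTML.
function renderCommentUnsafe(author, body) {
  return '<p><b>' + author + '</b>: ' + body + '</p>';
}

// Hardened: only the developer's own tags reach the parser; user values
// are inert text. (When no markup is needed at all, element.textContent =
// value is simpler and needs no escaping.)
function renderComment(author, body) {
  return '<p><b>' + escapeHtml(author) + '</b>: ' + escapeHtml(body) + '</p>';
}

// Crude check for the demo: does the rendered string contain any tag the
// template itself did not emit? A real page would ask a DOM parser.
function hasForeignTag(html) {
  const allowed = new Set(['<p', '</p', '<b', '</b']);
  const tags = html.match(/<\/?[a-zA-Z][a-zA-Z0-9]*/g) || [];
  return tags.some((t) => !allowed.has(t));
}

// Constructed sample inputs: the iframe probe from the pen-testing post,
// and an already-encoded entity that must be shown literally.
const IFRAME_PROBE = '<iframe src="//www.youtube.com/embed/dQw4w9WgXcQ"></iframe>';
const ALREADY_ENCODED = '&lt;';

// Stand-alone demo.
console.log('unsafe :', renderCommentUnsafe('bob', IFRAME_PROBE));
console.log('safe   :', renderComment('bob', IFRAME_PROBE));
console.log('double :', escapeHtml(ALREADY_ENCODED));
```

One caveat a practitioner should keep in mind: this encoding is correct for element text and quoted attribute values only. A value landing inside a URL attribute, an inline event handler or a script block needs that context's own encoding instead, and the safest route for plain text remains textContent rather than innerHTML.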