All Questions

0 votes
0 answers
186 views

Adding a script tag after the html closing tag

I am still a beginner in web vulnerability. While I was browsing on the internet I saw a challenge inspired by a real life security crisis. We are given a pcap of a malware infection that was done in ...
RudeusGreyrat
1 vote
1 answer
1k views

Is it safe to view video files on Google Drive online?

I have a video file on my Drive which is very old but I am not sure whether it's infected or not. Is it safe to view this MP4 on Google Drive (no downloading only viewing it in the Drive app)?
MangoLlama
1 vote
2 answers
561 views

Vulnerabilities in Receiving User-Submitted PDF Files Through HTTP(S)

For context: I have a web application that allows users to upload a PDF file from which the web app extracts certain information by parsing it. The app then sends this information to another server ...
portabletable
1 vote
2 answers
422 views

Is it possible to protect browser credentials from malicious processes?

What items should be considered to create a browser that prevents all access to stored credentials by a malicious process? Hardware attacks being out of scope. Are there public projects addressing ...
gxtaillon
  • 193
0 votes
0 answers
129 views

Ad popups showing on personal website deployed on VPS

I have a Spring-MVC webapp deployed on a Hostinger VPS server (OS: Ubuntu 18.04, Apache2 + Tomcat servers). For some reason, every now and then, clicking on random regions within the web pages of my ...
P13
  • 1
2 votes
1 answer
1k views

How to replace certain backup files on a website every 30 minutes? [closed]

I have a website built with WordPress, unfortunately somebody hacked it several times, deleted my adsense code and put his own adsense. I tried many security techniques, changed database name, did ...
Arnold Rothstein
1 vote
1 answer
303 views

Wayback machine downloading a file called default.exe?

When I look up a site on wayback machine, I click through a couple of links on the site, and then instead of loading the page, it downloads a file called "default.exe". Since I was expecting ...
stevec
  • 1,310
0 votes
1 answer
171 views

Protecting my machine from running untrusted applications

I was a big fan of the Toontown Online MMO when Disney used to run it, so I was excited to learn that it had been revived by a fan or group for fans building on the original source code. During a recent ...
dachs96
3 votes
2 answers
1k views

Can a web page really log keystrokes on a different page shown later on the same tab (or a different tab)?

According to this Reddit comment, an advertisement on one page seems to be able to log a user's keystrokes on a different page (if I understand the comment correctly). Is this really true? Can an ...
ispiro
  • 793
1 vote
1 answer
132 views

Would it be a big security vulnerability if someone wrote a browser extension to retrieve personal information on Google's behalf?

I am a 6th grader working on a project and came across the following question: On most browsers, you can inject JavaScript code into the browser, for example by typing in javascript:alert('Injecting ...
shreyasm-dev
0 votes
2 answers
1k views

Insecure File Upload on WebApps [closed]

I found a website where I can upload any file I want. Now what are the biggest threats for them if they didn't install PHP (so a php shell can be uploaded, but it won't execute)? I found no sign of ...
unitedgrapes
1 vote
0 answers
190 views

Unknown website tries to connect to my website [duplicate]

A few minutes ago an error popped up on my error tracing app. I'm hosting a Django app which has login system. The error says: Invalid HTTP_HOST header: 'www.moxing.one'. You may need to add 'www....
popcorn
  • 111
0 votes
1 answer
212 views

Someone is logging into my webserver [duplicate]

For a week someone has been logging into my webserver. Yesterday I mentioned this to the hosting company. They tell me to use an "IP blocker". I am doing that, but today I looked for more logins. The ...
biotza
  • 1
1 vote
1 answer
451 views

How to identify malicious Wordpress user agents

I have noticed our website, which is Wordpress based, gets frequent daily requests from other sites where the user agent is Wordpress and the other site is obviously an already hacked Wordpress ...
BadHorsie
  • 385
2 votes
2 answers
938 views

How safe is it to allow JS CDNs in a HTTP content security policy?

I am tasked with adding a content security policy to a whole bunch of Magento stores to protect against credit card scraping code, which can sneak in via the store admin or GoogleTagManager* when a ...
Eric Seastrand
