Questions tagged [url]
The url tag has no usage guidance.
229
questions
0
votes
1
answer
53
views
Under which situations is open redirection possible?
I am searching about the open redirection attack. When I look at websites that try to explain the situation, they generally say to test the URLs in the form of www.example.com?redirection=... to see ...
21
votes
6
answers
11k
views
Are Cyrillic characters a real threat?
I've seen people in security saying URLs with Cyrillic characters are dangerous. If you ever type such characters on a browser you'd see they break into crazy unrecognizable URLs that have nothing to ...
- 363
1
vote
0
answers
113
views
I clicked on a suspect link, whose base url was live (dot) tvstreaming4k (dot) com, during a live event. Is this a threat? [duplicate]
Edit: It has been observed that my question may already have an answer here How to check whether a link is safe or not? [closed] and here How do I safely inspect a potentially malicious website?. Even ...
- 121
2
votes
2
answers
3k
views
Steps after accidentally opening malicious URL with Android device
So I opened a malicious URL with my Android phone. It took some 20 seconds to dawn on me after which I put it on airplane mode. I didn't enter any info in the meanwhile.
I tried to see if I can assess ...
- 23
0
votes
1
answer
127
views
URL redirects properly to all URL protocols except https://www
I have a domain that properly redirects as expected to protocol https://newhavendisplay.com, except for https://www.newhavendisplay.com, which triggers the "This connection is not private" ...
- 3
1
vote
2
answers
280
views
DNS hijacking/poisoning effect on URL/URI and password manager autotype/autofill
A benefit to password managers, at least some of them, is that they can look at the URL and only use autotype/autofill when on the correct site, which can help prevent pharming since if instead of ...
- 13
1
vote
1
answer
337
views
Azure Shared Access Signature (SAS) token security
I'm learning Azure Storage and I am doing my best to make sure access from Internet is as safe as possible.
When I generate a connection string there is a SAS token embedded in the URL.
That token has ...
- 183
0
votes
0
answers
130
views
Auto-login to account with PII using a random URL
I have a booking system where passengers need to add information that is quite sensitive (passport details etc). When they book, I generate a (difficult to crack) reference number, which they use to ...
- 101
0
votes
1
answer
91
views
Clicking on links [duplicate]
We are often warned about clicking on links in emails from unknown senders. That got me to wondering about other situations. For instance, you are searching the web looking to purchase an item and ...
- 527
0
votes
1
answer
175
views
Sharing a text file via Amazon S3 link with random words numbers [duplicate]
I would like to share a csv file to two or more separate computers/users. They would be running our software program which reads this text file. This is just initial idea for feedback please.
To make ...
- 101
-1
votes
1
answer
3k
views
can my ISP know which urls i'm visiting? If so then how to prevent it? [duplicate]
i'm using latest version of microsoft edge browser on windows 10 PC and i'm in India. I use cloudeflare DNS. i Checked my browser security on https://www.cloudflare.com/ssl/encrypted-sni/ and got this ...
- 35
0
votes
1
answer
150
views
Where could I find a list of keys not to use for DES encrypting
We have a process that encrypts a URL, it uses DES encryption. I suspect someone may have figured out the key and is decrypting it to crawl information. This was set up many years ago, I just want to ...
- 119
0
votes
2
answers
618
views
Parameter vulnerable for HTML injection but cannot exploit because of URL encoding
I found a HTML injection vulnerability but there is an issue.
The following request returns the following:
curl "https://redacted.com/xss/para?meter="><h1>Test\</h1>"<...
- 11
32
votes
5
answers
7k
views
Is there any security benefit from emailing a "secure link"?
Sometimes I receive email messages from organisations I'm involved with saying something like:
Alice at AnyCo has sent you a secure message
Along with a link to access said message. Sometimes I'm ...
- 2,027
0
votes
2
answers
224
views
What are the vulnerabilities of exposing url end point param?
I have a wordpress plugin that helps create an organization chart/tree and then generates a URL where the chart is available to be viewed by the public?
Inside the plugin's view in WordPress dashboard....
- 103