Questions tagged [websites]

Applications or informational pages, distributed via HTTP or HTTPS, using a web server. Pages are typically interconnected by hyperlinks and may contain forms or even entire applications.

1 vote
0 answers
180 views

What's the origin of "A sequence has been discovered that could indicate a hacker attack. Your request can not be processed." error message? [migrated]

I'm working on a website for a client that is set up on Joomla. While testing various forms, I noticed the following message on a white background after submitting any of them with various data: A ...
Destroy666
0 votes
1 answer
476 views

Is polyfill.io still an immediate threat?

Polyfill.io is malicious: https://dev.to/snyk/polyfill-supply-chain-attack-embeds-malware-in-javascript-cdn-assets-55d6 https://www.sonatype.com/blog/polyfill.io-supply-chain-attack-hits-100000-...
telion • 111
1 vote
1 answer
28 views

LAN and external website [closed]

Consider a situation such as: private LAN <-> firewall A <-> DMZ <-> firewall B <-> internet (https://forum.huawei.com/enterprise/en/dmz-and-reverse-proxy/thread/...
PanCho • 11
-1 votes
1 answer
80 views

If a vulnerability is discovered on a website, is it better to contact the business owner or site designer/owner? [closed]

There are plenty of questions on this site about how to report a vulnerability (such as SQLi or XSS), but none of them really answer my question of who to. I understand for a big corporation (although ...
security_paranoid
0 votes
1 answer
91 views

I have access to companies internal files through SSRF and Path traversal both but want to leverage it further to website takeover

I have access to companies internal files through SSRF and Path traversal both but want to leverage it further to website takeover. Thus I can increase the impact and get more bounty than what they ...
oo7hacker
2 votes
1 answer
323 views

Why would a website block password manager auto-fill?

I use a password manager and have a browser plugin installed for it to simplify entering passwords into websites. I recently encountered a website (enterprise SaaS solution I use at work), which ...
Aleks G • 271
0 votes
0 answers
124 views

Bypass Options -Indexes in htaccess to view content

My professor gave me this task and said "Easy" about it! I don't know how serious he is! The task: I have a directory for example www.example.com/items The "items" directory ...
karam E
1 vote
0 answers
106 views

Newsletter Spam Attack - Somehow by not directly attacking?

Our website (Shopify website) has been getting a bot attack on our newsletter subscription form. Not sure if the emails are real or not, but there are some from Gmail and Hotmail etc. or some from weird ...
tarik • 11
4 votes
1 answer
276 views

Suspicious indexing of non-existent pages

Just recently, the Google search engine started indexing my site with a crazy number of requests. When I logged into the console, 600,000 pages were indexed, and 919,000 more were not indexed. For ...
Володька
0 votes
0 answers
84 views

How to reproduce this CVE-2020-7774 parameter pollution vulnerability

While pentesting a website I came across a yarn.lock file that contains an application dependency and I found this vulnerable library y18n v4.0.0 to CVE-2020-7774. How can I reproduce the vulnerability ...
ben39 • 1
2 votes
1 answer
2k views

How to know whether a VPN is blocking a website or a website is blocking a VPN

So I've got two VPN subscriptions, let's call them VPN A and VPN B. And I like going to a somewhat popular website, which I'll call Site C. I'm a new customer to VPN B, and I've noticed that I can't ...
hilltothesouth
2 votes
0 answers
35 views

Server-side solution to protect from bots? [duplicate]

I have a website where a user needs to register with his mobile phone number. It is verified by sending a verification code by SMS, each SMS costs me €0,10. I have already implemented a check that if ...
O'Niel • 2,916
1 vote
3 answers
540 views

How do websites check that password hashes saved in the database are the same as passwords hashed client-side?

How do websites check that password hashes saved in the database are the same as passwords hashed and sent by a client? I know that client-side hashing is not secure.
Den4ik • 21
0 votes
1 answer
564 views

HTTPS/TLS security with an invalid certificate

I'm trying to use a site that's https but has its own certificate, and when I add an exception it still shows it as unsecure, with an exclamation on the padlock and when I click the padlock it says &...
vertigo • 13
1 vote
1 answer
448 views

How do I best share a shared account's private key?

I made a website which among other things allows users to sign up to events. The HTML form is filled out and submitted, which automatically updates a Google spreadsheet with all applications. This of ...
RattatAndyGo
