python (65.2k questions)

javascript (44.3k questions)

reactjs (22.7k questions)

java (20.8k questions)

c# (17.4k questions)

html (16.3k questions)

r (13.7k questions)

android (13k questions)

Questions - client-side-attacks

XSS PoC: Hide Rendered Characters in DOM

I've started playing with XSS to better improve my security posture at work. I've been able to successfully exploit a reflected XSS attack using a redirected POST form, but I can't seem to remove the ...
test-img

FuegoJohnson

javascript

php

html

xss

client-side-attacks

Votes: 0

Answers: 1

Latest Answer

I eventually figured it out after hours of trial and error. The idea is to close the dangling tag with a separate tag: So the previous payload was: "><script>alert('Hello');</script&g...
test-img

FuegoJohnson

What are the things that need to be considered while deleting a resource through api

Consider a simple resource like products of web application. If someone gets hold of access token and the resource id they can easily delete a resource. How can we protect such attacks.
test-img

arya.s

security

web-applications

client-side-attacks

Votes: 0

Answers: 1

Latest Answer

For regular users, you shouldn’t grant delete privileges on tables such as products. This should be restricted to admin users. If your admin account needs to delete products over an API then yes if an...
test-img

mbakereth

Posts

Questions

Blogs

Jobs