Blogger Templates Skip to main content

Posts

Featured

PostMessage Vulnerabilities

PostMessage Vulnerabilities PostMessage() was introduced with HTML5 and can be a source of client side vulnerabilities. This page defines postmessage() and how you can do pen-testing on it. Concept The PostMessage API is an alternative to JSONP, XHR with CORS headers requests that enable sending data between origins. To understand PostMessage you need to know cross-origin communication in modern browsers. Cross-origin Communication Modern web browsers employ an important security mechanism known as the Same Origin Policy (SOP) that acts as a security boundary between web pages loaded from different “ origins ”. Same Origin Policy The same-origin policy is a critical security mechanism that restricts how a document or script loaded by one origin can interact with a resource from another origin.   the following table gives examples of origin comparisons with the URL http://store.company.com/dURL Outcome Reason http://store.company.com/dir2/other.html Same Origin Only the Path differ

Latest posts

Cracking WEP via a Client

Bypassing WEP Shared Key Authentication (SKA)

Offensive Wireless Security : ARP Request Reply Attack in Malayalam

Sensitive Information Disclosure (Source Code Path Disclosure)

Stored Cross-site Scripting in ElkarBackup 1.3.3 - CVE-2020-24924

Check out my Youtube Channel

NuLL_Br3aker_2020 CTF Writeup

How i Successfully failed Facebook Interview !!!

HTML Injection in Codoforum V4.8.3