Blogger Templates Skip to main content

Posts

Featured

PostMessage Vulnerabilities

PostMessage Vulnerabilities PostMessage() was introduced with HTML5 and can be a source of client side vulnerabilities. This page defines postmessage() and how you can do pen-testing on it. Concept The PostMessage API is an alternative to JSONP, XHR with CORS headers requests that enable sending data between origins. To understand PostMessage you need to know cross-origin communication in modern browsers. Cross-origin Communication Modern web browsers employ an important security mechanism known as the Same Origin Policy (SOP) that acts as a security boundary between web pages loaded from different “ origins ”. Same Origin Policy The same-origin policy is a critical security mechanism that restricts how a document or script loaded by one origin can interact with a resource from another origin.   the following table gives examples of origin comparisons with the URL http://store.company.com/dURL Outcome Reason http://store.company.com/dir2/other.html Same Origin Only the Path differ
Post a Comment
Read more

Latest posts

Image

Cracking WEP via a Client

Post a Comment
Image

Bypassing WEP Shared Key Authentication (SKA)

Post a Comment
Image

Offensive Wireless Security : ARP Request Reply Attack in Malayalam

Post a Comment
Image

Sensitive Information Disclosure (Source Code Path Disclosure)

Post a Comment
Image

Stored Cross-site Scripting in ElkarBackup 1.3.3 - CVE-2020-24924

Post a Comment

Check out my Youtube Channel

Post a Comment
Image

NuLL_Br3aker_2020 CTF Writeup

Post a Comment
Image

How i Successfully failed Facebook Interview !!!

Post a Comment
Image
Post a Comment
Image

HTML Injection in Codoforum V4.8.3

Post a Comment