-
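Vulnerability report for B10830027
Attacker student ID: B10715029 @ywChen-NTUST
Victim student ID and URL: B10830027 @mandy900619 https://demo.mandy.social/
Vulnerability type: Service malfunction
Vulnerability description
The web page cannot be accessed.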
PoC
![image](https://user-images.githubusercontent.com/26…
-
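Attacker student ID: B10715036 @a24230928
Victim student ID and URL: B10815040 @tonatfish http://52.170.251.78:8080
Vulnerability type: CSRF (title)
Vulnerability description
The previous XSS patch can be bypassed to execute JS and carry out a CSRF attack.
An attacker can leave the following PoC on the message board; if a logged-in Admin opens the message board, the title is changed automatically.…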
-
CG: https://www.w3.org/community/hb-secure-services/
CG Report: https://rawgit.com/w3c/websec/gh-pages/hbss.html
-
## Feature Request
### Description
Actually move all inline code to a proper file, because for now maintaining the "best practice" CSPv3 means something like that: my csp to work and have the "best p…
-
[https://github.com/mozilla-services/websec-check/blob/main/rust.md](https://github.com/mozilla-services/websec-check/blob/main/rust.md)
See: https://github.com/mozilla-services/contile/issues/28
-
New charter proposal, reviewers please take note.
# Charter Review
[Charter: Web Applications Working Group Charter](https://www.w3.org/2019/webapps/charter/draft-charter-2021.html)
This is a…
-
`resolution_fixed` `type_defect` | by cyrus@daboo.name
___
1) Go to
.
Note how the names of the days in the "Week View" table are off (the first
one is 'Saturday' but it should be 'Sunday').
…
-
Why does the CSP validator here on this website give https://cspvalidator.org a false result, when I check this on the website
https://csp-evaluator.withgoogle.com/
and on this website
https://…
-
Can someone:
- [ ] turn all the many references in this article to actual links (On all tabs).
- [ ] While you are at it, can you make sure the links are still valid and remove any that are not.
- …
-
I have tried my luck but could not find how to add ModSecurity to an existing running nginx.