-
- Site: [https://student-admin-8878b4-test.apps.silver.devops.gov.bc.ca](https://student-admin-8878b4-test.apps.silver.devops.gov.bc.ca)
**New Alerts**
- **CSP: Wildcard Directive** [10055] tota…
-
I have installed BunkerWeb using Docker and enabled ModSecurity, and the web app is connected via reverse proxy. I executed a script via GET request (alert(1)) and it is getting blocked by the ModSecurity WAF. Similarly, I ex…
-
- Site: [http://18.224.170.245](http://18.224.170.245)
**New Alerts**
- **Server Leaks Version Information via "Server" HTTP Response Header Field** [10036] total: 8:
- [http://18.224.170.24…
-
- Site: [http://localhost:4000](http://localhost:4000)
**New Alerts**
- **Cross Site Scripting (DOM Based)** [40026] total: 2:
- [http://localhost:4000/login#jaVasCript:/*-/*`/*\`/*'/*"/**/(…
-
- Site: [https://test.educationdataexchange.gov.bc.ca](https://test.educationdataexchange.gov.bc.ca)
**New Alerts**
- **CSP: Wildcard Directive** [10055] total: 4:
- [https://test.educationd…
-
# Problem
Certain compliance situations require us to prevent brute force password guessing for logins.
`UserPassBase` and implementing classes do not have a mechanism to prevent brute force passw…
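One shape such a mechanism can take, as an added example that is not SimpleSAMLphp or `UserPassBase` code: a per-account throttle consulted before the password is verified, counting failures in a sliding window and locking the account for an exponentially growing period. The limits, the `verifyPassword` callback and the injectable clock are assumptions for illustration; a real deployment would persist the state in shared storage rather than process memory.

```javascript
// Added example (not the project's own code): per-account brute-force throttle.
const MAX_FAILURES = 5;           // assumed: failures allowed inside the window
const WINDOW_MS = 15 * 60 * 1000; // assumed: sliding window for counting failures
const BASE_LOCK_MS = 60 * 1000;   // assumed: first lockout length; doubles each time

class LoginThrottle {
  constructor(now = () => Date.now()) {
    this.now = now;            // injectable clock so the logic can be tested offline
    this.accounts = new Map(); // username -> { failures, lockedUntil, lockCount }
  }

  entry(username) {
    const k = username.toLowerCase(); // case-insensitive accounts share one counter
    let e = this.accounts.get(k);
    if (!e) {
      e = { failures: [], lockedUntil: 0, lockCount: 0 };
      this.accounts.set(k, e);
    }
    return e;
  }

  // 0 if an attempt may proceed, otherwise the ms the caller must wait.
  // Consult this BEFORE doing any password work, so a locked account costs
  // the attacker nothing but also costs the server nothing.
  retryAfter(username) {
    const e = this.entry(username);
    const t = this.now();
    return e.lockedUntil > t ? e.lockedUntil - t : 0;
  }

  // Record a wrong password; returns the lock duration just imposed (0 if none).
  recordFailure(username) {
    const e = this.entry(username);
    const t = this.now();
    e.failures = e.failures.filter(ts => t - ts < WINDOW_MS); // drop stale failures
    e.failures.push(t);
    if (e.failures.length >= MAX_FAILURES) {
      e.lockCount += 1;
      e.lockedUntil = t + BASE_LOCK_MS * 2 ** (e.lockCount - 1); // 1m, 2m, 4m, ...
      e.failures = [];
    }
    return this.retryAfter(username);
  }

  // A successful login clears the account's history.
  recordSuccess(username) {
    this.accounts.delete(username.toLowerCase());
  }
}

// Wraps an existing credential check. `verifyPassword` is a hypothetical
// callback standing in for whatever the real password verification is.
function attemptLogin(throttle, username, password, verifyPassword) {
  const wait = throttle.retryAfter(username);
  if (wait > 0) return { ok: false, reason: 'locked', retryAfterMs: wait };
  if (verifyPassword(username, password)) {
    throttle.recordSuccess(username);
    return { ok: true };
  }
  const lock = throttle.recordFailure(username);
  return { ok: false, reason: 'bad_credentials', retryAfterMs: lock };
}
```

Keying on the account alone means an attacker who knows a username can lock its owner out; keying on client address alone is defeated by a botnet. Many deployments combine the two (account lockout plus a looser per-address limit), and return the same generic error to the client for both `locked` and `bad_credentials` so the response does not confirm which usernames exist.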
-
- Site: [https://test.educationdataexchange.gov.bc.ca](https://test.educationdataexchange.gov.bc.ca)
**New Alerts**
- **CSP: Wildcard Directive** [10055] total: 5:
- [https://test.educationd…
-
# Key concepts of cross-origin access
1. Same origin: same scheme, same host, same port
2. Restrictions: cross-origin `Ajax` (XHR/fetch) is blocked, the browser withholds the response and does not send non-simple requests at all without CORS; the other origin's DOM cannot be accessed; its `cookie/localStorage/IndexedDB` cannot be read
3. Not subject to the cross-origin restriction: WebSocket, and the `src` attribute of script, img, iframe, video, audio tags, etc.
4. Ways around it: proxy; CORS; JSONP
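Points 1 and 4 above in working form, as an added example that is not part of the original notes: a same-origin test built on the WHATWG `URL` API, and the server-side half of CORS, which decides which response headers to emit for a given `Origin` request header against an explicit allow-list. The allow-list values are assumptions; the header names are the standard CORS ones.

```javascript
// Added example (not from the original notes): same-origin comparison and a
// CORS allow-list check. Uses the URL API available in browsers and Node.js.

// Origin = scheme + host + port. URL.origin already drops default ports
// (https://a.example:443 -> https://a.example), so two URLs are same-origin
// exactly when their .origin strings are equal.
function originOf(url) {
  return new URL(url).origin;
}

function isSameOrigin(a, b) {
  return originOf(a) === originOf(b);
}

// Server side: headers to add to a response for a request carrying
// `requestOrigin`. `allowedOrigins` is an explicit allow-list of origin
// strings (assumed values in the usage below). Reflecting an arbitrary
// Origin back with credentials enabled would let any site read the
// user's authenticated responses, so only exact allow-list matches are echoed.
function corsHeadersFor(requestOrigin, allowedOrigins) {
  if (!requestOrigin) return {};  // same-origin navigation or non-browser client
  let origin;
  try {
    origin = originOf(requestOrigin); // normalises case and default ports
  } catch {
    return {};                      // "null" or malformed Origin: deny
  }
  if (!allowedOrigins.includes(origin)) return {};
  return {
    'Access-Control-Allow-Origin': origin,    // the matched origin, never '*'
    'Access-Control-Allow-Credentials': 'true',
    'Vary': 'Origin',  // caches must not serve this response to other origins
  };
}

// Usage with assumed values.
const ALLOWED = ['https://app.example'];
console.log(isSameOrigin('https://app.example/a', 'https://app.example:443/b')); // true
console.log(corsHeadersFor('https://app.example', ALLOWED));
console.log(corsHeadersFor('https://evil.example', ALLOWED)); // {}
```

`Vary: Origin` matters whenever the allowed origin is echoed rather than fixed: without it a shared cache can hand a response tagged for one origin to a request from another. The opaque `null` origin (sandboxed iframes, `file://` pages) is rejected by the `URL` parse rather than added to the allow-list, since any sandboxed attacker page presents it too.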
-
Hello guys, I'm sorry to tell you that your project has so many XSS flaws.
First of all, the userlist module has a stored XSS, which will cause cookie disclosure and escalation of privile…