- Security
- XSS
- SQL Injection
- Authentication
- cookie
- session
- JWT
-
To help us diagnose issues efficiently, please include:
[x] A short but descriptive title
[x] A detailed description of the problem including relevant software versions and steps to reproduce
O…
-
Escape the standard input and check if it tries to access any memory location
-
- Site: [https://172.17.0.1](https://172.17.0.1)
- Site: [http://172.17.0.1](http://172.17.0.1)
**New Alerts**
- **SQL Injection - MySQL** [40019] total: 1:
- [http://172.17.0.1/login.php]…
-
### What feature?
The application currently lacks a Content Security Policy (CSP), which increases the risk of cross-site scripting (XSS) and other injection attacks. Implementing a CSP is essential …
-
**Stored_XSS** issue exists @ **src/main/webapp/vulnerability/Injection/orm.jsp** in branch **master**
*Method query.list at line 12 of src\main\webapp\vulnerability\Injection\orm.jsp gets data fro…
-
```
What steps will reproduce the problem?
1. If a user is logged in, an attacker can send him a link to add-tag.php with
javascript in the tag GET field.
2. When the user goes back to the main page,…
```
-
DMVC already has middleware for CORS and general Security Headers.
There is also a set of standards around Content Security Policy (CSP), designed to help detect and mitigate certain types of attac…
-
Some or much of this can go under 2.5 Security libraries.
* "Simply do not" rely heavily on C and C++. There's no reason a *new* product trying to meet security requirements would use them.
* We c…