Tagged Questions
3
votes
2 answers
87 views
User privileges for unsanitized code
We all know there is still vulnerable code out there even though it may or may not get exploited and found for hacking attempts. I've seen people do it countless times and have a possibly plausible ...
2
votes
3 answers
173 views
Stop code injections into page code
I started a topic HERE on the stackoverflow site, but was referred here.
I did get some info there, but think it needs more in-depth input.
So hopefully people here can help.
I have a few domains ...
2
votes
2 answers
110 views
What are the security risks when users upload their html & javascript to AWS S3 and the content is used in a webapp
I'm building this webapp where users can log in and build their own online presentation. To build the presentation they can use their own html, css and javascript. These user files are not uploaded to ...
1
vote
4 answers
576 views
Playing with Referrer Header
There are 2 sites:
http://www.site1.com
http://www.site2.com
http://www.site1.com contains a link to http://www.site2.com as
<a href="http://www.site2.com/">link</a>
When the user clicks ...
12
votes
3 answers
414 views
How secure is aSSL (javascript)? Does it effectively mimic SSL?
Some of you may be familiar with the aSSL project, which uses AJAX/PHP to mimic the SSL protocol. It uses RSA 512 or 1024 for the keys, and AES for the actual data. It looks impressive to me in ...
2
votes
4 answers
463 views
Without using SSL, what's the most secure way to make an AJAX request to a PHP page?
It was suggested over at stackoverflow that I try my question here. This is it verbatim:
So, it's impossible to do AJAX requests securely without using SSL. I get it. You can either view-source the ...
1
vote
0 answers
297 views
A proposal for Data Transmission and Password Encryption [closed]
I need to implement a sensitive data protection scheme which can meet the requirements on secure data transmission, protection and storage, assuming a mutually trusted third party is not available, that ...
5
votes
1 answer
2k views
Is this jQuery ajax call vulnerable to XSS?
If somebody can edit $("#field").val(), can they change the url property here to point to another location?
$.ajax({
url: "http://mywebsite/script?param=" + $("#field").val(),
dataType: "jsonp",
...
3
votes
2 answers
329 views
Can one get infected through visiting a site with a PHP script on it and if yes, how?
I can imagine a clientside JavaScript that gets executed in a vulnerable browser to do some harm, but how can this be done with PHP?
Since it's serverside it shouldn't have access to the visitor's ...
4
votes
3 answers
462 views
PHP/JavaScript with RSA
I have a few columns in the database which should be encrypted. I'm wondering if the way I chose to make this system work is ok, and I'm looking forward to hearing some opinions:
I chose RSA algorithm ...
18
votes
4 answers
3k views
How do you know your server has been compromised?
I recently helped a client who had their server hacked. The hackers added some PHP code into the header of the homepage redirecting the user to a porn website — but only if they came from Google. This ...
7
votes
3 answers
497 views
Security attacks on PHP web applications
I know about the following security attacks on PHP applications (HTML, PHP, JS).
XSS
SQL Injection
CSRF
Session Hijacking / Fixation
Code Injection
Remote file injection
Should I know about any other or ...