Tagged Questions
1
vote
2 answers
947 views
Possible attack on website
I am a developer and therefore I have very little knowledge of security. So I need some help understanding the attack on a website which we launched recently for one of our clients. The website is built on ...
-2
votes
1 answer
161 views
Injected Images
I want to learn all about that. How can we inject code into an image? Must the code be PHP? Or do JavaScript or HTML work too? How do I find documentation about this article?
I'm a newbie about ...
-1
votes
2 answers
113 views
Protecting sensitive content in JS source code and Ajax calls [closed]
I've been trying to see how to properly protect important content that's passed in ajax calls with JavaScript. Considering JavaScript can be viewed at any point, it is inevitable that some of your ...
1
vote
1 answer
254 views
If my website does not take any user input, is there any danger in showing my code and folder structure?
First time posting here; apologies for any mistakes I've made, please edit, retag, migrate as appropriate.
I have a simple homepage whose purpose is (essentially) to contain my contact info and some ...
2
votes
1 answer
227 views
Are GET, POST and windows.location vulnerable to XSS in a WordPress theme?
I created a WordPress theme for my client. He told me that he scanned my theme with a vulnerability scanner, and that it has security issues with the GET and windows.location methods. Is this really ...
-3
votes
1 answer
374 views
Cross-site request forgery attack. How can we stop this? [closed]
On one of our websites, we are seeing this code adding itself. I tried to figure it out but had no success. One thing I have noticed: when I removed the html, head and body starting tags, it's gone.
Our ...
0
votes
2 answers
1k views
Stopping JS malware injection on our WordPress site
This had been added to our WordPress site, specifically in the footer.php.
hxxp://pkktjuchlrv.peguards.cc/02b31ac5iq/get.js
It is malware as defined by Google, I believe it is tracking code.
We have ...
3
votes
2 answers
104 views
User privileges for unsanitized code
We all know there is still vulnerable code out there even though it may or may not get exploited and found for hacking attempts. I've seen people do it countless times and have a possibly plausible ...
3
votes
3 answers
452 views
Stop code injections into page code
I started a topic HERE on the Stack Overflow site, but was referred here.
I did get some info there, but think it needs more in-depth input.
So hopefully people here can help.
I have a few domains ...
2
votes
2 answers
217 views
What are the security risks when users upload their HTML and javascript to AWS S3 and the content is used in a webapp?
I'm building this web app where users can login and build their own online presentation. To build the presentation they can use their own html, css and javascript. These user files are not uploaded to ...
4
votes
5 answers
10k views
Playing with Referrer Header
There are 2 sites:
http://www.site1.com
http://www.site2.com
http://www.site1.com contains a link to http://www.site2.com as
<a href="http://www.site2.com/">link</a>
When user clicks ...
13
votes
3 answers
821 views
How secure is aSSL (javascript)? Does it effectively mimic SSL?
Some of you may be familiar with the aSSL project, which uses AJAX/PHP to mimic the SSL protocol. It uses RSA 512 or 1024 for the keys, and AES for the actual data. It looks impressive to me in ...
2
votes
4 answers
1k views
Without using SSL, what's the most secure way to make an AJAX request to a PHP page?
It was suggested over at stackoverflow that I try my question here. This is it verbatim:
So, it's impossible to do AJAX requests securely without using SSL. I get it. You can either view-source the ...
1
vote
0 answers
487 views
A proposal for Data Transmission and Password Encryption [closed]
I need to implement a sensitive data protection scheme which can meet the requirements on secure data transmission, protection and storage, assuming a mutually trusted third party is not available, that ...
5
votes
1 answer
3k views
Is this jQuery ajax call vulnerable to XSS?
If somebody can edit $("#field").val(), can they change the url property here to point to another location?
$.ajax({
url: "http://mywebsite/script?param=" + $("#field").val(),
dataType: "jsonp",
...
4
votes
2 answers
475 views
Can one get infected through visiting a site with a PHP script on it and if yes, how?
I can imagine a clientside JavaScript that gets executed in a vulnerable browser to do some harm, but how can this be done with PHP?
Since it's serverside it shouldn't have access to the visitor's ...
4
votes
3 answers
618 views
PHP/JavaScript with RSA
I have a few columns in the database which should be encrypted. I'm wondering if the way I chose to make this system work is ok, and I'm looking forward to hearing some opinions:
I chose RSA algorithm ...
22
votes
4 answers
10k views
How do you know your server has been compromised?
I recently helped a client who had their server hacked. The hackers added some PHP code into the header of the homepage redirecting the user to a porn website — but only if they came from Google. This ...
7
votes
4 answers
786 views
Security attacks on PHP web applications
I know about the following security attacks on PHP applications (HTML, PHP, JS).
XSS
SQL Injection
CSRF
Session Hijacking/Fixation
Code Injection
Remote file injection
Should I know about any other or ...