Questions tagged [filter]

5 questions
3 votes, 0 answers

Disable php://filter globally or per php file

Local/Remote File Inclusion is a serious vulnerability. Best practice to protect against it is to set in php.ini: allow_url_fopen = Off allow_url_include = Off open_basedir = /var/www/html Clearly, whitelist based validation on user input is…
user2716262
2 votes, 1 answer

Are unescaped backslashes dangerous in terms of XSS?

I thought the \ (backslash) character was a dangerous character that you needed to filter out/properly encode to protect against XSS attacks (OWASP says so, too), and I still do, but why? I found a website that stores the search query when you…
David
1 vote, 1 answer

Why does javascript not show an alert box?

I'm trying to insert javascript:alert(1) inside a tag. There is some kind of filter for javascript, so I tried using javascrip%74:alert(1) and that URL is accepted. However, when I click on it, it redirects me to…
Disp Lay
0 votes, 0 answers

Stopping a Subscription Bomb

Are there any methods for stopping a subscription bomb other than issuing a new email address? Creating Gmail filters is only getting us so far, as there are more emails coming in than we can keep up with. It feels like a losing battle. Is there a…
dzzl
0 votes, 1 answer

SQLi Filter Bypass with banned table/column names

I've been studying and practicing different approaches to SQLi filter bypass and I faced a challenge. What if the WAF filters look for specific strings rather than SQL keywords? Example: Filter: /UNION/ SQLi: UnIoN Filter: /UNION/i SQLi:…
Cob013