Questions tagged [header]

129 questions
Getting confused whether this response indicates a CORS vulnerability

HTTP/1.1 200 OK Content-Type: application/json Content-Length: 12 Connection: close Date: Tue, 25 Sep 2018 12:59:56 GMT x-amzn-RequestId: xxxxxxxxxxx Access-Control-Allow-Origin: * Access-Control-Allow-Headers:…
Dhananjay

CSP header default-src: data:

I am testing CSP header implementation. The implemented header value is: Content-Security-Policy: default-src 'self' data:; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' 'unsafe-eval' X-Content-Security-Policy: default-src…
user187205

Check for insecure CORS settings with cURL

I'm trying to verify the CORS settings of a website using cURL. The following command should let me check whether the CORS settings can be considered as secure or if requests may be made across origins. I'm performing a preflight check, but the same…
SaAtomic

HTTP Security header implementation

Does anyone know if: X-Frame-Options X-XSS-Protection X-Content-Type-Options Content-Security-Policy are for HTTP and: Strict-Transport-Security Public-Key-Pins are for HTTPS? What I mean is that if I have a blog which serves pages on HTTP…
Metahuman

Host Injection Vulnerability Successful HTTP codes?

I am trying to exploit a Host Injection Vulnerability of a website. If I change the host or add another host, what are all the HTTP response codes that will tell me about a successful HTML Host Injection Vulnerability? I read a PoC…

Why is calculating the checksum of an IP Datagram header and then encrypting it not appropriate to provide Data Origin Authentication?

So assuming Alice and Bob have agreed to use a particular symmetric cryptosystem and share an appropriate key, they want to achieve data origin authentication by computing the header checksum of an IP datagram and then encrypting it. As far as I'm…
ellefc

The sent Gmail was modified to another version, how to trace the record besides the header?

Recently, the emails I sent from Gmail were either modified or the documents got replaced for others. When I communicated with Google, they only asked for the header but nothing else. Also, when I see the devices in recent activities, I see a…
joe

CORS attack using authentication token

I found a website which is vulnerable to CORS (https://portswigger.net/web-security/cors). GET /api/requestApiKey HTTP/1.1. Host: vulnerable-website.com. Origin: https://evil.com. AUTHENTICATION: eyssdsdsdsasa..... And the server responds…

Is CSRF possible if I know the value of the authorization bearer token?

If I know the value of the victim's bearer token, can I generate a GET CSRF page and set a custom Authorization: Bearer [token] header?
apex