Questions tagged [input-validation]

8 questions
15 votes · 6 answers

Preventing users from tampering with input

Let's say that I have a single-page web app written in JavaScript and a server-side API, both changeable by me. The app calculates some values based on user input and POSTs these to the API. The values are based on user input but do not contain user…
TrueWill · 315 · 2 · 11
1 vote · 1 answer

Phishing: can input data be saved before I hit the button?

I just clicked a phishing link and foolishly entered my credit card details. I realized it was phishing before I hit SUBMIT. Is there a chance I exposed my data?
0 votes · 0 answers

Accidentally locked an XSS vulnerable input

On https://ais.osym.gov.tr/ I saw an XSS vulnerable input. I tried some payloads without malicious intent which only contained alerts or console logs. The code img \x00src=x onerror=alert(1) worked. Now the problem is whenever I try to remove it I…
0 votes · 0 answers

What are vulnerabilities of saving user input directly in wordpress plugin?

I have a WordPress plugin that helps create an organization chart/tree and then generates a URL where the chart is available to be viewed by the public. The plugin dashboard looks like this; the plugin uses window alerts to take input from the user: As…
0 votes · 0 answers

Input sanitization

Is removing unwanted characters enough to prevent most attacks (Python)? Obviously the code should have more sophisticated rules (e.g. remove more than one consecutive whitespace character after a newline), but my understanding is that only characters used…
Looper · 1 · 2
0 votes · 1 answer

How would you test the security of a flat file processing application?

How would you test the security of a flat file processing application? Perhaps the question is more about how does the back-end of an application that takes a flat file with a specific template as input handle such input.
0 votes · 0 answers

CWE-915 (overpost/mass assignment) and antiforgery when not saving posted object to storage

Veracode has found overpost or mass-assignment flaws (CWE 915) in our MVC portal. Technically, this is true, but I am wondering how much of an effort we would need to put into this, especially since we are already using antiforgery tokens, require…
scott.korin · 103 · 3
0 votes · 3 answers

How to generate malicious input at processing stage?

I am developing an application and it needs to be highly secure. Because of that, I am researching security vulnerabilities and I found the paragraph below. This is related to input validation and I have already implemented client-side…
Infra · 650 · 1 · 6 · 19