Questions tagged [uri]
10 questions
8 votes, 5 answers
Hiding sensitive data in URIs
This is a potentially hypothetical question since it has not been determined whether we will be required to do this but I figure it's a question that will come up more often.
Background
When implementing RESTful services the standard approach is…
JimmyJames
4 votes, 1 answer
What is the process of finding deep links from an Android application?
I'm very curious on how to go about this. The only solution I can think of is to decompile, modify the code to print when a deep link is clicked, and recompile. If you have any other suggestions, I would be very happy to hear!
root-louis
3 votes, 1 answer
How to create custom exploit https requests to test a PHP framework
I am working on the auto-routing functionality of Codeigniter 4 and I'd like to test it by sending some nasty exploit-type HTTPS requests to make sure it properly resists mischief. E.g., request a uri with .. in the path to see if we might execute…
S. Imp
2 votes, 1 answer
Mystery link containing fragment identifier in malicious email
The following link was received in a suspected phishing attack email. Unfortunately, the recipient clicked on the link in their Outlook client:
Floegipoky
2 votes, 1 answer
Weird Google Redirect Bug?
So I was recently shown by a friend something that is happening to a real estate website. It seems that when their website is accessed from a regular URL request in browser it is fine; however, when requested from the Google search engines its…
Echo
1 vote, 2 answers
What are the best practices for naming backend-internal WebSocket endpoints?
In the backend I am currently working on I have a servlet (call it S) and a WebSocket endpoint (call it E). S needs to communicate with E, yet, as of now, any WebSocket client may connect to E.
My question is: how should I name the URI of E and how…
coderodde
1 vote, 1 answer
Custom Suricata's HTTP alert isn't triggered when using ".." as part of the scanned uri. Why?
I have a doubt with a Suricata custom rule.
If I do: alert http any any -> any 80 (msg:"blabla"; content:"abc"; http_uri; sid:1000000;) I can get requests to http://x.x.x.x/abc uri in fast.log file
But if I do: alert http any any -> any 80…
Osqui
0 votes, 0 answers
Security implications of protecting private data with a long URI exclusively
A website hosts private/personal information at a very long and unpredictable URI, yet access to this URI is completely unauthenticated. Are there any major security issues with this?
I can think of some straight away:
Search engines might index…
user9123
0 votes, 1 answer
Bypassing URL verification
I'm dealing with a URL validation function that was made by the developer (instead of using trusted methods).
Here is a slightly modified version of the function:
public static bool IsValidURL(string url) {
string parsedurl =…
Bill Richard
0 votes, 3 answers
How can clicking on a URI infect a host?
I watched a generic information security awareness presentation earlier, in which all that was required for the presenter to penetrate an organisation (with a meterpreter/reverse shell), was for someone on the inside to click, or type (or otherwise…
voices