Questions tagged [uri]

10 questions
8 votes, 5 answers

Hiding sensitive data in URIs

This is a potentially hypothetical question since it has not been determined whether we will be required to do this but I figure it's a question that will come up more often. Background: When implementing RESTful services the standard approach is…
JimmyJames
4 votes, 1 answer

What is the process of finding deep links from an Android application?

I'm very curious about how to go about this. The only solution I can think of is to decompile, modify the code to print when a deep link is clicked, and recompile. If you have any other suggestions I would be very happy to hear them!
root-louis
3 votes, 1 answer

How to create custom exploit https requests to test a PHP framework

I am working on the auto-routing functionality of CodeIgniter 4 and I'd like to test it by sending some nasty exploit-type HTTPS requests to make sure it properly resists mischief. E.g., request a URI with .. in the path to see if we might execute…
S. Imp
2 votes, 1 answer

Mystery link containing fragment identifier in malicious email

The following link was received in a suspected phishing attack email. Unfortunately, the recipient clicked on the link in their Outlook client:
Floegipoky
2 votes, 1 answer

Weird Google Redirect Bug?

So I was recently shown by a friend something that is happening to a real estate website. It seems that when their website is accessed from a regular URL request in browser it is fine, however when requested from the Google search engines its…
Echo
1 vote, 2 answers

What are the best practices for naming backend-internal WebSocket endpoints?

In the backend I am currently working on I have a servlet (call it S) and a WebSocket endpoint (call it E). S needs to communicate with E, yet, as of now, any WebSocket client may connect to E. My question is: how should I name the URI of E and how…
coderodde
1 vote, 1 answer

Custom Suricata's HTTP alert isn't triggered when using ".." as part of the scanned uri. Why?

I have a doubt with a Suricata custom rule. If I do: alert http any any -> any 80 (msg:"blabla"; content:"abc"; http_uri; sid:1000000;) I can get requests to http://x.x.x.x/abc uri in fast.log file. But if I do: alert http any any -> any 80…
Osqui
0 votes, 0 answers

Security implications of protecting private data with a long URI exclusively

A website hosts private/personal information at a very long and unpredictable URI, yet access to this URI is completely unauthenticated. Are there any major security issues with this? I can think of some straight away: Search engines might index…
user9123
0 votes, 1 answer

Bypassing URL verification

I'm dealing with a URL validation function that was made by the developer (instead of using trusted methods). Here is a slightly modified version of the function: public static bool IsValidURL(string url) { string parsedurl =…
Bill Richard
0 votes, 3 answers

How can clicking on a URI infect a host?

I watched a generic information security awareness presentation earlier, in which all that was required for the presenter to penetrate an organisation (with a meterpreter/reverse shell), was for someone on the inside to click, or type (or otherwise…
voices