Questions tagged [url]

223 questions
0 votes, 2 answers

Why are .URL and .WSH files considered dangerous?

Why are Windows files with the extension ".url" and ".wsh" considered dangerous (e.g. blocked by many mail filters)? The way I see it: .URL: you can link to a malicious website which serves an exploit, but it is even easier to type said URL in a…
user3231622
0 votes, 2 answers

Firewall is blocking invalid URLs, what is the danger?

My Fortinet firewall seems to be blocking invalid URLs (for example, URLs that it considers invalid, which means that underscores are not accepted, even though some sites use them). This causes some problems. I want to remove that option so that it…
Yann Chabot
0 votes, 1 answer

Which URL schemes are dangerous (XSS exploitable)?

I know that a blacklist approach to URL filtering isn't the most secure, but let's say that in addition to this filtering we're also rewriting all untrusted links to go through a redirect page that warns the user about the risks, and that we're…
Changaco
0 votes, 4 answers

How do URL shortening services like bitly prevent DDoS attacks?

I am working on a project that needs to shorten URLs to about ~25 chars in length. I can create cryptic IDs which map to the full-length URL and persist them in a DB. My only worry is how I can prevent someone from randomly generating such IDs and…
bluefalcon
0 votes, 1 answer

Restrict access to public URL many times

I have the following situation. Imagine there is a public service (URL). What we don't want is for someone to be able to access this URL many times in a short period of time, because they will be able to block our database (essentially a DDoS attack, I…
0 votes, 1 answer

Is it a good idea to preventively use a robots.txt that disallows all search engines from indexing query strings in order to slow down reconnaissance?

I know that robots.txt is not a security feature. But information indexed and cached by search engines might be incredibly helpful in the reconnaissance phase of a penetration test and potentially for automated vulnerability scanners. Let alone the…
Bob Ortiz
0 votes, 1 answer

Anti CSRF tokens with a black box

Consider an app you develop that uses something like the OWASP CSRFGuard library. What can be done to protect against XSS if the app calls a third party black box app that has no way to store and return the token when control is transferred back to…
0 votes, 1 answer

On Mozilla's Add-ons site (AMO) what is happening with external links?

On Mozilla's Add-ons site (known as AMO), all external links are directed through: https://outgoing.mozilla.org/v1/[UUID]/[destination URL] As a random example, see the link in the Description section of this…
0 votes, 3 answers

Access Key In URL - Securing The Unsecured!

I'm having some difficulties doing this the right way (as much as it can go). Some time ago, I asked a question here, asking for help on how to implement sending an access link through email. First off, I know this is terribly insecure from the…
Neta
-1 votes, 1 answer

Where could I find a list of keys not to use for DES encryption?

We have a process that encrypts a URL; it uses DES encryption. I suspect someone may have figured out the key and is decrypting it to crawl information. This was set up many years ago, I just want to make sure whoever set it up did not use a…
Sanpopo
-1 votes, 1 answer

Automated malicious links delivered with e-mail (Reddit, LinkedIn, Package)

Recently my organisation has been flooded with phishing e-mails with different approaches: pretending to be Reddit or LinkedIn information about a new follower or package delivery status/problems, etc. Every malicious e-mail is delivered from a…
deevee
-1 votes, 2 answers

Are the private URLs from Google Photos actually unguessable?

Maybe my math is wrong, but here it goes. If I generate a private URL to share an album in Google Photos, I get something like this https://photos.app.goo.gl/***************** where the asterisks are alphanumeric characters, case sensitive (total of…
cinico
-1 votes, 1 answer

Unable to utilise curl commands on website

There is a free online SMS service called globfone which allows you to send free text messages via their website. However, I'm looking to integrate this functionality into a script through curl. But the problem is that I am unable to find where to…
John Greeny
-1 votes, 3 answers

Username appearing in URL when changing password

Use case: User logs into the site. User goes to the "change password" page. On the "change password" page, I noticed that the username is being displayed in the URL: https://example.com/cp.aspx?un=myusername Is it possible for the username to not…
iamkupao23
-1 votes, 1 answer

Passing a secret in url: as a part of the url or query string?

If I need to make a GET request to an HTML page and thus pass a secret via the URL using HTTPS, is it true that I'd need to pass it in a query string versus as part of the URL path? my_domain.com/some_url/my_secret123 -->…
jerry