Questions tagged [web]
256 questions
2
votes
2 answers
What mechanisms can be used by apps to block websites?
I came across several "productivity" extensions (e.g. Limit) that can block websites if you enter them into their list. Some desktop/phone apps can also block other apps. I am quite new to information security but I am interested in how this…
Junior Hat
- 23
- 4
1
vote
0 answers
Woocommerce cart dwell time
I had an issue with woocommerce.
A user completed a purchase having had the product in his cart for one year (yes, one year), and bought at a different price. How is that possible?
I understand that Woocommerce limits the time to 48 hours. Any…
Emiliano Di Giacomo
- 11
- 1
1
vote
0 answers
Security implications of not verifying domain ownership on embeddable website tools like disqus
Context: Disqus and similar tools allow content creators to have an embedded "chat box" so that site visitors can comment on your content.
I noticed recently that when I sign up I can claim ownership of any domain, even if I don't actually own it.
I…
g.delgado
- 111
- 3
1
vote
1 answer
Real life scenario for remote file execution
This is a commonly demonstrated attack because it is easy to explain and understand.
The premise is that the victim does something like (oversimplified PHP example):
include( $_GET['file']);
And the attacker can pass a path to a PHP script on its…
Artium
- 113
- 4
1
vote
2 answers
Filling out ssn on a web form for printout purposes
We have a website that requires some private information such as ssn to be filled out. The users would have to complete the form, print, then fax the form. We don't store the ssn information but we do store the other fields, such as name, email,…
gdec
- 11
- 2
0
votes
0 answers
Should reaching the origin server directly (through HTTP) be considered a vulnerability if the webapp uses CloudFront?
SCENARIO:
Webapp X uses CloudFront distributions to serve its content.
It's possible to contact directly the origin server and get the content with the following steps:
modify /etc/hosts to add
intercept the request…
Maicake
- 567
- 1
- 4
- 21
0
votes
1 answer
Why did a subdomain from a trusted website download a file?
I clicked on a link for the subdomain of a trusted website (the subdomain slackin.brilliant.org of the website brilliant.org), and instead of being directed to another page, a file called "download" simply downloaded onto my computer. I deleted the…
Jack Luca
- 101
- 1