portswigger.net
Published: 11 July 2023 at 13:00 UTC Updated: 11 July 2023 at 13:00 UTC In this post we are going to show how you can (ab)use the new HTML popup functionality in Chrome to exploit XSS in meta tags and hidden inputs. It all started when I noticed the new popover behaviour with Chrome on Twitter. We all know about annoying modal dialogs that nag you to subscribe to a newsletter - now you can create
Server-side prototype pollution: Black-box detection without the DoS Published: 15 February 2023 at 16:30 UTC Updated: 28 March 2023 at 09:50 UTC Server-side prototype pollution is hard to detect black-box without causing a DoS. In this post, we introduce a range of safe detection techniques, which we've also implemented in an open source Burp Suite extension. You can shortly try these out for you
FREE Dastardly, from Burp Suite Secure web development should be more than just a pipe dream A free DAST web application scanner for your CI/CD pipeline Find 7 issues you care about - in 10 mins or less Dastardly is a free, lightweight web application security scanner for your CI/CD pipeline. It looks at your application from the outside - just like an attacker - giving it the sort of accuracy tha
The seventh way to call a JavaScript function without parentheses Published: 12 September 2022 at 13:00 UTC Updated: 18 September 2022 at 17:20 UTC I thought I knew all the ways to call functions without parentheses: alert`1337` throw onerror=alert,1337 Function`x${'alert\x281337\x29'}x``` 'alert\x281337\x29'instanceof{[Symbol['hasInstance']]:eval} valueOf=alert;window+'' x=new DOMMatrix;matrix=al
This request triggered an extremely suspicious intermittent 400 Bad Request response from various websites that were running AWS Application Load Balancer (ALB) as their front-end. Investigation revealed that ALB was mysteriously adding a 'Transfer-Encoding: chunked' header while downgrading the request to HTTP/1.1 for forwarding to the back-end, without making any alterations to the message body:
JWT attacks In this section, we'll look at how design issues and flawed handling of JSON web tokens (JWTs) can leave websites vulnerable to a variety of high-severity attacks. As JWTs are most commonly used in authentication, session management, and access control mechanisms, these vulnerabilities can potentially compromise the entire website and its users. Don't worry if you're not familiar with
WordPress sites getting hacked ‘within seconds’ of TLS certificates being issued Attackers pounce before site owners can activate the installation wizard Attackers are abusing the Certificate Transparency (CT) system to compromise new WordPress sites in the typically brief window of time before the content management system (CMS) has been configured and therefore secured. CT is a web security stan
Published: 20 April 2022 at 14:00 UTC Updated: 20 April 2022 at 14:07 UTC Transition based events without style blocks So, recently, I was updating our XSS cheat sheet to fix certain vectors that had been made obsolete by browser updates. Whilst looking at the vectors, the transition events stuck in my head. They needed a style block as well as the event: <style>:target {color:red;}</style> <xss id
HTTP/3: Everything you need to know about the next-generation web protocol QUIC march Security researchers have only just gotten their teeth into HTTP/2, but the movers and shakers of the web are already spinning out an update: HTTP/3. The technology offers performance gains and security benefits, but only if we get over the many deployment issues that lie ahead for what one expert tells us is bes
Published: 09 February 2022 at 13:59 UTC Updated: 10 February 2022 at 15:20 UTC Welcome to the Top 10 (new) Web Hacking Techniques of 2021, the latest iteration of our annual community-powered effort to identify the most significant web security research released in the last year. Since kicking off the selection process in January, the infosec community has nominated 40 research papers, then voted
uBlock, I exfiltrate: exploiting ad blockers with CSS Published: 06 December 2021 at 14:00 UTC Updated: 07 December 2021 at 12:15 UTC Ad blockers like uBlock Origin are extremely popular, and typically have access to every page a user visits. Behind the scenes, they're powered by community-provided filter lists - CSS selectors that dictate which elements to block. These lists are not entirely trus
Google, Mozilla close to finalizing Sanitizer API for Chrome and Firefox browsers Latest specification is a work in progress Leading browser vendors are putting the finishing touches to a set of APIs that make it easier for developers to protect their web applications against cross-site scripting (XSS) attacks. Many websites rely on dynamically generated content in the browser. Often, the generate
Assuming you're already familiar with HTTP/1, there are only three new concepts that you need to understand. Pseudo-Headers In HTTP/1, the first line of the request contains the request method and path. HTTP/2 replaces the request line with a series of pseudo-headers. The five pseudo-headers are easy to recognize as they're represented using a colon at the start of the name: :method - The request m
Published: 02 July 2021 at 13:27 UTC Updated: 05 July 2021 at 10:03 UTC Cross-Site Scripting and the alert() function have gone hand in hand for decades. Want to prove you can execute arbitrary JavaScript? Pop an alert. Want to find an XSS vulnerability the lazy way? Inject alert()-invoking payloads everywhere and see if anything pops up. However, there's trouble brewing on the horizon. Malicious
Introducing DOM Invader: DOM XSS just got a whole lot easier to find Of the three main types of XSS, DOM-based XSS is by far the most difficult to find and exploit. But we come bearing good news! PortSwigger just released a new tool for Burp Suite Professional and Burp Suite Community Edition that's going to make testing for DOM XSS much easier - and we think you're going to like it. Meet: DOM Inv
Burp Suite Professional Test like a Pro. Hands-on security testers need the best tools for the job. Tools you have faith in, and enjoy using all day long. The tools that other professionals trust.
HTTP request smuggling In this section, we'll explain HTTP request smuggling attacks and describe how common request smuggling vulnerabilities can arise. Labs If you're already familiar with HTTP request smuggling and just want to practice on a series of deliberately vulnerable sites, check out the link below for an overview of all labs in this topic. View all HTTP request smuggling labs What is H
Published: 17 February 2020 at 14:36 UTC Updated: 05 January 2021 at 14:10 UTC The results are in! After 51 nominations whittled down to 15 finalists by a community vote, an expert panel consisting of Nicolas Grégoire, Soroush Dalili, Filedescriptor, and myself have conferred, voted, and selected the Top 10 new web hacking techniques of 2019. Every year, professional researchers, seasoned penteste
Published: 31 December 2019 at 14:39 UTC Updated: 07 September 2020 at 13:49 UTC Update: the results are now in! View them here: Top 10 web hacking techniques of 2019 Nominations for the top 10 new web hacking techniques of 2019 are now open! Every year, professional researchers, seasoned pentesters, bug bounty hunters and academics release a flood of blog posts, presentations, videos and whitepape
In this section, we will explain what cross-origin resource sharing (CORS) is, describe some common examples of cross-origin resource sharing based attacks, and discuss how to protect against these attacks. This topic was written in collaboration with PortSwigger Research, who popularized this attack class with the presentation Exploiting CORS misconfigurations for Bitcoins and bounties. What is C
Published: 03 October 2019 at 12:54 UTC Updated: 20 September 2022 at 08:04 UTC Last month I published HTTP Desync Attacks: Request Smuggling Reborn. Since then, there's been a range of new developments. While vendors have been deploying fixes and publishing advisories, I've devised new desync techniques exposing yet more systems to attack. I've also adapted the tooling to make it easier to hunt d
Cross-site scripting (XSS) cheat sheet This cross-site scripting (XSS) cheat sheet contains many vectors that can help you bypass WAFs and filters. You can select vectors by the event, tag or browser and a proof of concept is included for every vector. You can download a PDF version of the XSS cheat sheet. This is a PortSwigger Research project. Follow us on Twitter to receive updates. Downloaded
Published: 26 September 2019 at 15:00 UTC Updated: 04 September 2020 at 14:33 UTC PortSwigger are proud to launch our brand new XSS cheatsheet. Our objective was to build the most comprehensive bank of information on bypassing HTML filters and WAFs to achieve XSS, and to present this information in an accessible way. Each vector includes a hosted proof of concept and which browser it successfully
Published: 07 August 2019 at 21:00 UTC Updated: 07 September 2022 at 09:06 UTC Abstract HTTP requests are traditionally viewed as isolated, standalone entities. In this paper, I'll explore forgotten techniques for remote, unauthenticated attackers to smash through this isolation and splice their requests into others, through which I was able to play puppeteer with the web infrastructure of numerous
The age of browser XSS filters is over Google is removing XSS Auditor for Chrome after a series of vulnerabilities have plagued the hotly-contested security feature. The anti-cross-site scripting (XSS) technology is to be deprecated and removed, Chromium devs announced last night. XSS Auditor has generated more than a little controversy since it was implemented in Chrome v4 in 2010, with the disco
Published: 15 May 2019 at 14:54 UTC Updated: 20 March 2020 at 07:50 UTC A few years ago I discovered a technique to call functions in JavaScript without parentheses using onerror and the throw statement. It works by setting the onerror handler to the function you want to call and the throw statement is used to pass the argument to the function: <script>onerror=alert;throw 1337</script> The onerror
Free, online web security training from the creators of Burp Suite
We are pleased to announce the launch of the Web Security Academy. This is a brand new learning resource providing training on web security vulnerabilities, techniques for finding and exploiting bugs, and defensive measures for avoiding them. The Web Security Academy contains interactive learning materials, including real vulnerability labs that you can access instantly online to practice what you
Published: 27 February 2019 at 15:45 UTC Updated: 05 January 2021 at 14:10 UTC The results are in! After an impressive 59 nominations followed by a community vote to pick 15 finalists, a panel consisting of myself and noted researchers Nicolas Grégoire, Soroush Dalili and Filedescriptor have conferred, voted, and selected the 10 most innovative new techniques that we think will withstand the test