Forwarded from @Phantasm_Lab (Ag3nt-dpr)
Bypassing Same Origin Policy (SOP)
https://resources.infosecinstitute.com/bypassing-same-origin-policy-sop/#gref
🕴🏽 @Phantasm_Lab
The same origin policy is an important concept in the web application information security domain. Under this policy, a web browser allows scripts contained in a first web page ‘A’ to access data/resources in a second web page ‘B’ only if both web pages have the same origin. An origin is defined as a combination of URI scheme, hostname, and port number. This policy prevents a malicious script on one page from obtaining access to sensitive data on another web page through that page’s DOM (document object model).
https://resources.infosecinstitute.com/bypassing-same-origin-policy-sop/#gref
🕴🏽 @Phantasm_Lab
Forwarded from @Phantasm_Lab
QRLJacking - A New Social Engineering Attack Vector
https://github.com/OWASP/QRLJacking
🕴🏼 @PhantasmLab
QRLJacking or Quick Response Code Login Jacking is a simple social engineering attack vector capable of session hijacking affecting all applications that rely on the “Login with QR code” feature as a secure way to log in to accounts. In a nutshell, the victim scans the attacker’s QR code, which results in session hijacking.
https://github.com/OWASP/QRLJacking
🕴🏼 @PhantasmLab
UsabilityHub - Become a Tester
https://usabilityhub.com/
🕴🏼 @PhantasmLab
UsabilityHub is a remote user research platform that takes the guesswork out of design decisions by validating them with real users.
https://usabilityhub.com/
🕴🏼 @PhantasmLab
UpLabs - The Global Network For Creatives
https://www.uplabs.com/
🕴🏼 @PhantasmLab
Uplabs is the leading community of creatives, offering the best digital inspiration and downloads, every day.
https://www.uplabs.com/
🕴🏼 @PhantasmLab
Gliffy - Visual is in our DNA
https://www.gliffy.com/
🕴🏼 @PhantasmLab
Gliffy online tools power visual communication and collaboration.
https://www.gliffy.com/
🕴🏼 @PhantasmLab
30th Hangout - Pentest, Bug Bounty and lots of 0day
https://www.youtube.com/watch?v=LwGPHcTnWn4
🕴🏻 @Phantasm_Lab
🕴🏻 @Phantasm_Lab
Forwarded from MUNDO INFORMATICA
Cookie-based SQL Injection
https://resources.infosecinstitute.com/cookie-based-sql-injection/#gref
🕴🏼 @Phantasm_Lab
Injecting malicious code in a cookie: Unlike other parameters, cookies are not supposed to be handled by users. Apart from session cookies, which are (usually) random, cookies may contain data in the clear or encoded in hexadecimal, base64, hashes (MD5, SHA1), or serialized information. If we can determine the encoding used, we will attempt to inject SQL commands.
https://resources.infosecinstitute.com/cookie-based-sql-injection/#gref
🕴🏼 @Phantasm_Lab