Predrag Cujanović

Tag: XSS

Pingdom Website Speed Test DOM based XSS

Hello all, this is my first blog post in English and my first blog post in the last 3 years, so be nice :)

Recently I found a very interesting DOM based XSS in one of Pingdom’s services.

The service is Pingdom Website Speed Test.

Secure PHP code

A few tips for writing secure PHP code.

Protection against SQL injection

Here is a simple piece of code as an example (looking up a user in the database):


<form action="." method="post">
<input type="text" name="username" />
<input type="submit" name="sbm" value="Search!" />
</form>

(…)

mysql_connect("localhost", "guest");

List of security vulnerabilities I have discovered

For now the list contains XSS and SQLi vulnerabilities in commercial web applications.

BGS CMS XSS:

Software: BGS CMS

Website: www.bgs-cms.com

Vulnerable URL: https://www.server/?action=search&search=[XSS]
