Web LLM attacks | Web Security Academy
Web LLM attacks Organizations are rushing to integrate Large Language Models (LLMs) in order to improve their online customer experience. This exposes them to web LLM attacks that take advantage of the model's access to data, APIs, or user information that an attacker cannot access directly. For example, an attack may: Retrieve data that the LLM has access to. Common sources of such data include t
New XSS vectors
Published: 20 April 2022 at 14:00 UTC Updated: 20 April 2022 at 14:07 UTC Transition based events without style blocksSo, recently, I was updating our XSS cheat sheet to fix certain vectors that had been made obsolete by browser updates. Whilst looking at the vectors, the transition events stuck in my head. They needed a style block as well as the event: <style>:target {color:red;}</style> <xss id
HTTP/2: The Sequel is Always Worse
Assuming you're already familiar with HTTP/1, there are only three new concepts that you need to understand. Pseudo-HeadersIn HTTP/1, the first line of the request contains the request method and path. HTTP/2 replaces the request line with a series of pseudo-headers. The five pseudo-headers are easy to recognize as they're represented using a colon at the start of the name: :method - The request m
alert() is dead, long live print()
Published: 02 July 2021 at 13:27 UTC Updated: 05 July 2021 at 10:03 UTC Cross-Site Scripting and the alert() function have gone hand in hand for decades. Want to prove you can execute arbitrary JavaScript? Pop an alert. Want to find an XSS vulnerability the lazy way? Inject alert()-invoking payloads everywhere and see if anything pops up. However, there's trouble brewing on the horizon. Malicious
What is CORS (cross-origin resource sharing)? Tutorial & Examples | Web Security Academy
Cross-origin resource sharing (CORS) In this section, we will explain what cross-origin resource sharing (CORS) is, describe some common examples of cross-origin resource sharing based attacks, and discuss how to protect against these attacks. This topic was written in collaboration with PortSwigger Research, who popularized this attack class with the presentation Exploiting CORS misconfigurations
Web trackers using CNAME Cloaking to bypass browsers’ ad blockers
Web trackers using CNAME Cloaking to bypass browsers’ ad blockers Cloak and dagger ANALYSIS Online advertising companies are making use of a new technique to fool web browsers into thinking they are serving first-party, rather than third-party cookies, circumventing the protections offer by ad blocking software in the process. The tactic – dubbed ‘CNAME Cloaking’ – represents the latest twist in t
Cross-Site Scripting (XSS) Cheat Sheet - 2024 Edition | Web Security Academy
Cross-site scripting (XSS) cheat sheet This cross-site scripting (XSS) cheat sheet contains many vectors that can help you bypass WAFs and filters. You can select vectors by the event, tag or browser and a proof of concept is included for every vector. You can download a PDF version of the XSS cheat sheet. This is a PortSwigger Research project. Follow us on Twitter to receive updates. Downloaded
Google deprecates XSS Auditor for Chrome
The age of browser XSS filters is over Google is removing XSS Auditor for Chrome after a series of vulnerabilities have plagued the hotly-contested security feature. The anti-cross-site scripting (XSS) technology is to be deprecated and removed, Chromium devs announced last night. XSS Auditor has generated more than a little controversy since it was implemented in Chrome v4 in 2010, with the disco
Bypassing CSP with policy injection
Published: 05 June 2019 at 13:10 UTC Updated: 04 September 2020 at 14:31 UTC Whilst testing PayPal looking for ways to bypass CSP and mixed content protection I found an interesting behaviour. PayPal was putting a GET parameter called token inside the report-uri directive of their CSP. I found that by changing the token parameter it was possible to inject directives into the policy. Most browsers
XSS in hidden input fields
Published: 16 November 2015 at 11:25 UTC Updated: 14 June 2019 at 12:03 UTC At PortSwigger, we regularly run pre-release builds of Burp Suite against an internal testbed of popular web applications to make sure it's behaving properly. Whilst doing this recently, Liam found a Cross-Site Scripting (XSS) vulnerability in [REDACTED], inside a hidden input element: <input type="hidden" name="redacted"
Practical Web Cache Poisoning | PortSwigger Web Security Blog
Published: 09 August 2018 at 23:20 UTC Updated: 02 October 2023 at 14:39 UTC AbstractWeb cache poisoning has long been an elusive vulnerability, a 'theoretical' threat used mostly to scare developers into obediently patching issues that nobody could actually exploit. In this paper I'll show you how to compromise websites by using esoteric web features to turn their caches into exploit delivery sys
XSS protection disappears from Microsoft Edge
#NoFilter UPDATE (26/7) In a blog post yesterday, Microsoft confirmed it is removing XSS Filter in Edge. “We are retiring the XSS Filter in Microsoft Edge beginning in today’s [Windows 10 Insider Preview] build,” the company said. “Our customers remain protected thanks to modern standards like Content Security Policy, which provide more powerful, performant, and secure mechanisms to protect agains
Burp gets new JavaScript analysis capabilities
The latest release of Burp includes a new engine for static analysis of JavaScript code. This enables Burp Scanner to report a range of new vulnerabilities, including: DOM-based XSSJavaScript injectionClient-side SQL injectionWebSocket hijackingLocal file path manipulationDOM-based open redirectionCookie manipulationAjax request header manipulationDOM-based denial of serviceWeb message manipulatio
1
リリース、障害情報などのサービスのお知らせ
最新の人気エントリーの配信
j次のブックマーク
k前のブックマーク
lあとで読む
eコメント一覧を開く
oページを開く
What is prototype pollution? | Web Security Academy
Evading defences using VueJS script gadgets
What is SSRF (Server-side request forgery)? Tutorial & Examples | Web Security Academy
Web Security Academy: Free Online Training from PortSwigger