You searched for - Page 2 of 2 - Sysadmins of the North

prettyPhoto DOM based XSS

prettyPhoto DOM based XSS on Saotn.org... This evening, after tweeting about preventing cross site scripting vulnerabilities, I received a reply from Olivier Beg. His reply to my tweet contained an image, as you can see above. He alerted me that Saotn.org was vulnerable to a DOM based XSS vulnerability, hidden in prettyPhoto used by my WordPress theme. Whoops! So, I had work to do! But, what is prettyPhoto and what exactly is a DOM based XSS?

By Jan Reilink 04/05/2014Web application security

magnifying glass near gray laptop computer

Web application security

Grep for forensic log parsing and analysis on Windows Server IIS

How to use GnuWin32 ported tools like grep.exe and find.exe for forensic log file analysis in Windows Server. In this article I'll give some real live examples of using these ported GnuWin tools like grep.exe for logfile analysis on Windows servers. The article provides three example, as an alternative to LogParser, because finding spam scripts fast is often very important.

By Jan Reilink 19/04/2013Web application security

Web application security

Unauthorized Access: Bypassing PHP strcmp()

Unauthorized Access: Bypassing PHP strcmp(). A way to bypass PHP's strcmp() binary safe string comparison function.

By Jan Reilink 08/03/2013Web application security

Web application security

“htaccess files should not be used for security restrictions”

An article explaining why .htaccess files should not be used to secure sensitive data. In many cases it is wrong to impose security restrictions using .htaccess files.

By Jan Reilink 08/08/2012Web application security

brown brick wall with black and yellow caution sign

Web application security

How to filter web traffic with blocklists

I needed a HTTP blocklist. Block and filter unwanted web HTTP traffic with blocklists, on both IIS and Apache webservers. Protect your website easily with this PHP blocklist class. Let's create our own little HTTP filter.

By Jan Reilink 27/05/2012Web application security

Web application security

7 Snippets to use .htaccess as a Web Application Firewall

Here are 7 .htaccess snippets for you to secure your website, by using .htaccess as a kWeb Application Firewall (WAF). You can use this information to block exploits and rogue HTTP requests on your website.

By Jan Reilink 03/08/2011Web application security

Search results for:

prettyPhoto DOM based XSS

Grep for forensic log parsing and analysis on Windows Server IIS

Unauthorized Access: Bypassing PHP strcmp()

“htaccess files should not be used for security restrictions”

How to filter web traffic with blocklists

7 Snippets to use .htaccess as a Web Application Firewall

Windows Server

Web applications

PowerShell