Author Archives Ziyahan Albeniz

XML-RPC protocol was introduced to ease the usability of cross-platform applications, but the new attack discovery shows that it allows IP Disclosure attacks. This blog post explains how the XML-RPC Protocol works and how it is vulnerable to IP Disclosure attacks on Wordpress. It shows how this attack is possible and how to prevent it. Read More

This blog post examines Frame Injection attacks. It describes briefly the history of the invention and development of frames, what Frame Injection attacks and hijacks mean in terms of security, and what you can do to prevent them. It also compares Frame Injection attacks with Cross-site Scripting, which is often a priority for bug bounty hunters. Read More

The SameSite cookie attribute is used by browsers to control cookie requests and increase security. This article explains what the SameSite cookie attribute is and the different security levels to which it applies. It also describes upcoming changes to the Same Site attribute on Chrome and the new ‘Cookies without SameSite must be secure’ feature. Read More

This blog post explores the issue of content-type and status code leakage. It examines the meaning of HTTP status codes and their effect when used with HTML attributes. The typemuchmatch HTML attribute receives special attention. It also explains how to prevent data leaks, and emphasizes the importance of correct implementation. Read More

Setting cookies on domains with multiple subdomains opens them up to security risks such as session fixation attacks. This article describes the purpose of cookies on websites with multiple domains, provides a demonstration of the sandbox attribute by the use of examples, and explains the advantages of the CPS sandbox attribute. Read More

This article discusses vulnerabilities in older versions of WordPress due to its pingback and trackback features, and flawed sanitizing mechanism. It describes how attackers can use HTML tags to bypass sanitizing and insert an XSS payload using the WordPress flaw. Finally, it concludes with advice on how to fix the vulnerability in WordPress. Read More

Research shows that developers must be directed to write secure code and don’t have enough information about security, often copying and pasting code from the internet. This blogpost examines weak ways to store user passwords, warning that strong algorithms may not be enough for security, and provides advice on how to store passwords securely. Read More

Tor is an anonymity network that provides so-called onion services so that users can hide their locations. This article explains how to start a Tor service and change your domain name. It examines research on the security risks of regular onion domains, the user habits on Tor services, and possible fixes and updates for security concerns. Read More

This blog is describes an attempt by a security researcher to exploit a Cross-site Scripting (XSS) vulnerability. It explains the importance of template strings – including multi-line strings and tagged templates – in XSS filtering, how to overcome the document.domain issue, and the discovery and exploitation of Self-XSS, with reading suggestions. Read More

Cryptojacking is the unauthorized use of a computer to mine cryptocurrency. This article traces the development of Cryptojacking from ByteCoin and Monero, used by the CoinHive service. It examines how Cryptojacking works, the latest research, and content security policy solutions that limit source loading and report Cryptojacking scripts. Read More

This article examines a new attack on Google Docs called Sound Hijacking, which leads to the takeover of users’ audio input devices. We investigate how the attack works and conclude with an evaluation of the importance of the X-Frame-Options Header for the attack and information on which browsers support it. Read More

Brave is a browser that blocks ads and website tracking to improve user privacy and security. This blog post describes a controversial update to Brave that contained a whitelist of tracking URLs, causing online discussions, and a temporary but active solution. This blog examines some key terms and suggests how Brave could learn from Firefox. Read More

Open Graph Protocol (OGP) was introduced by Facebook to highlight shared links in social media platforms. Phishing attacks use OGP to deceive users into clicking links that redirect them to other websites. This blog post explains what the OGP looks like, discusses phishing attack research and finally lists some precautions to take against them. Read More

This article focuses on new research into potential remote hardware takeover vulnerabilities in admin software. These vulnerabilities occur due to a lack of control mechanisms, which enables potential WebSocket Hijacking attacks. The article explains how these attacks work, how to prevent them, and the importance of a content security policy header. Read More

This article examines the security of PHP's session cookies in a shared hosting environment, and explains why a cryptographically secure, random session ID is not enough to prevent attacks. It explains how PHP handles cookies and how the session management feature initializes in PHP. Finally, it provides an attack demo and advice for prevention. Read More

jQuery is a JavaScript library that simplifies the process of writing code in JavaScript by making the element selectors, event chaining, and event handling easier. Since its inception, a large number of client-based libraries are dependent on jQuery. This article will examine the research on jQuery selectors. Read More

Session variables are server-side variables whose value is tied to the current session. They are an essential part of many web applications. Session-related vulnerabilities have a large impact on web application security. This article explores two vulnerabilities related to them: session puzzling and bypassing two-factor authentication. Read More

This article explains the origins of the Clickjacking Attack and how it works. It then examines how a researcher discovered a Clickjacking bug on Facebook and how Facebook responded to the Clickjacking attack. Finally, the article provides advice on how to prevent Clickjacking Attacks by using the X-Frame-Options HTTP security header. Read More

This article describes the details and logic behind a vulnerability that combines Cross-site Request Forgery (CSRF) and Remote Code Execution (RCE) on routers. This combination can allow a hacker to discover and gain access to the machines within the network of a router. Content-Type Headers provide a critical role in security against it. Read More

This blog post includes a discussion of URLs, their structure, how they can contain sensitive information and why it's so difficult to parse them without introducing vulnerabilities. We include an example of how a parsing error led to a Window Opener Protection Bypass. Read More