11 min
Application Security
XSS in JSON: Old-School Attacks for Modern Applications
This post highlights how cross-site scripting has adapted to today’s modern web applications, specifically the API and Javascript Object Notation (JSON).
9 min
Application Security
Overview of Content Security Policies (CSPs) on the Web
A Content Security Policy is a protocol that allows a site owner to control what resources are loaded on a web page by the browser, and how those resources may be loaded.
4 min
Application Security
How to Prevent Cross-Site Scripting (XSS) Attacks
Cross-site scripting (XSS) isn’t new, but its impact and visibility are both growing. Here’s what you need to know to protect them from XSS attacks.
6 min
Application Security
Should You Use a SAST, DAST, or RASP Application Security Tool?
In this blog, we discuss all things web applications and how to select the right application security solution to keep them safe from attack.
2 min
Vulnerability Disclosure
R7-2017-06 | CVE-2017-5241: Biscom SFT XSS (FIXED)
Summary
The Workspaces component of Biscom Secure File Transfer (SFT) version 5.1.1015
is vulnerable to stored cross-site scripting in two fields. An attacker would
need to have the ability to create a Workspace and entice a victim to visit the
malicious page in order to run malicious Javascript in the context of the
victim's browser. Since the victim is necessarily authenticated, this can allow
the attacker to perform actions on the Biscom Secure File Transfer instance on
the victim's behalf.
4 min
Vulnerability Disclosure
R7-2016-24, OpenNMS Stored XSS via SNMP (CVE-2016-6555, CVE-2016-6556)
Stored server cross-site scripting (XSS) vulnerabilities in the web application
component of OpenNMS [https://www.opennms.org/en] via the Simple Network
Management Protocol (SNMP). Authentication is not required to exploit.
Credit
This issue was discovered by independent researcher Matthew Kienow
[https://twitter.com/hacksforprofit], and reported by Rapid7.
Products Affected
The following versions were tested and successfully exploited:
* OpenNMS version 18.0.0
* OpenNMS version 18.0.1
Ope
13 min
Vulnerability Disclosure
Multiple Disclosures for Multiple Network Management Systems, Part 2
As you may recall, back in December Rapid7 disclosed six vulnerabilities
[/2015/12/16/multiple-disclosures-for-multiple-network-management-systems] that
affect four different Network Management System (NMS) products, discovered by
Deral Heiland [https://twitter.com/percent_x] of Rapid7 and independent
researcher Matthew Kienow [https://twitter.com/hacksforprofit]. In March, Deral
followed up with another pair of vulnerabilities
[/2016/03/17/r7-2016-02-multiple-vulnerabilities-in-mangeengine-opu
7 min
XSS
Cross-site Scripting (XSS) Attacks vs SQL Injection Attacks (SQLi)
A common misunderstanding in the world of Web Application Security is the
difference between the consequences of a cross-site scripting
[https://www.rapid7.com/fundamentals/cross-site-scripting/] vulnerability and
the consequences of an SQL Injection Attacks (SQLi)
[https://www.rapid7.com/fundamentals/sql-injection-attacks/]. We can even go a
step back and say the misunderstanding is on a much broader level; the
difference in consequences between a client-side exploitable vulnerability and a
ser
4 min
Apple
Abusing Safari's webarchive file format
tldr: For now, don't open .webarchive files, and check the Metasploit module,
Apple Safari .webarchive File Format UXSS
[https://github.com/rapid7/metasploit-framework/blob/master/modules/auxiliary/gather/apple_safari_webarchive_uxss.rb]
Safari's webarchive format saves all the resources in a web page - images,
scripts, stylesheets - into a single file. A flaw exists in the security model
behind webarchives that allows us to execute script in the context of any domain
(a Universal Cross-site S