Tagged “vulnerability”
-
TIL CSS Vulnerability in Yahoo Mail css security vulnerability email
CSS doesn't immediately fail on parse errors. In 2009 it turned out Yahoo Mail was vulnerable to a fairly simple exploit. The attacker sends the user one email with a snippet of code and another email to run the code
-
TIL how CORS works security vulnerability webdev
We kinda need images to work regardless of what site they're on. I should be able to steal an image from your website and host it somewhere else. Same with JS code (like CDNs!). But we also don't want the problem above where I can test your cookies to see if you're logged into your bank account.
-
TIL Never deserializing untrusted data php security vulnerability json
This happened the most in PHP, because for some reason, PHP developers love to serialize/deserialize objects instead of using JSON, but I’d say almost every case we saw where a server was deserializing a client object and parsing it led to a horrible exploit.