はてブログ

An archive site of past new entries from Hatena Bookmark.



Tag: Tom Anthony

 
(1 - 3 of 3 entries)
 

Zoom Security Exploit - Cracking private meeting passwords - Tom Anthony

2020/07/29 10 users

Short version: Zoom meetings were default protected by a 6 digit numeric password, meaning 1 million maximum passwords. I discovered a vulnerability in the Zoom web client that allowed checking if a password is correct for a meeting, due to broken CSRF and no rate limiting. This enabled an attack...

XSS attacks on Googlebot allow search index manipulation - Tom Anthony

2019/07/19 8 users

Short version: Googlebot is based on Google Chrome version 41 (2015), and therefore it has no XSS Auditor, which later versions of Chrome use to protect the user from XSS attacks. Many sites are susceptible to XSS Attacks, where the URL can be manipulated to inject unsanitized Javascript code int...

Googlebot's Javascript random() function is deterministic - Tom Anthony

2018/02/07 22 users

I was conducting some experiments on how Googlebot parses and renders Javascript, and I came across a couple of interesting things about the way it does so. The first is that Googlebot’s Math.random()...

 