Questions tagged [url]
The url tag has no summary.
239 questions
8
votes
1
answer
2k
views
URL parameter "x="
My website is getting many page requests of the form https://example.com/?x=15672345682564 [14 digits]
Should I block these requests or are these non-malicious, like from search engines?
- 183
0
votes
1
answer
303
views
Sites flagged by Virustotal - need url examples
I'm using Virustotal api (https://docs.virustotal.com/docs/api-overview) in my python code to scan urls. I'm trying to find some examples of urls that are flagged as malicious by virustotal so I can ...
- 101
1
vote
0
answers
77
views
Poisoned Google search result on legitimate website [closed]
So I found something strange today:
Typed keyword "yelena thunderbolts" in Google (https://www.google.com)
Switch to Short videos section
Open an Instagram video from search result
Notice ...
- 181
1
vote
1
answer
99
views
I'm calling the API of a third party, and have to pass the credentials as parameters in a HTTPS URL. Is that safe?
Basically I am doing a GET on this URL from SAP:
https://www.thirdparty.be/webservices.php?m=get_private_information&o=json&u=username&p=password
The third party webservice does use IP-...
0
votes
1
answer
203
views
Most hacker-proof login page
I'm trying to think of a way to create the most hacker-proof login system that I can only get into.
Currently my login page only consists of a password box and a button to submit data. Its run on an ...
- 11
0
votes
0
answers
122
views
Is credential in URL obsolete (or should I be bold to drop support for it)? [duplicate]
As we know, it is possible to include username and password in the authority part of an URL. I see it's still being documented in MDN. BUT:
Would I do people a favor if I drop support for it in my web ...
- 402
0
votes
0
answers
127
views
Why do phishing attackers not alter the reference image along with the PGP signature and other content?
I don´t really understand the tech behind that. I don´t understand how the image is not changed by the ones who want to steal from you but the rest of the pgp signature match the phishing site.
The ...
1
vote
1
answer
121
views
User friendly yet secure policy for using imported URLs
Real case: I am writing dictionary program and part of the data are URLs. When I set them myself, life is simple, because it is me, so I know what I do. But when I import dictionary data from somebody ...
- 185
1
vote
1
answer
108
views
how to exploit pathtraversal vulnerability
I am pentesting an http server using jetty, where I have access to the code.
One of the urls I am looking at is get /services/test.js
Looking at the code below:
@GET
@Path("services/{...
- 559
2
votes
0
answers
56
views
What could this partially nonsense URL request to my site be? [duplicate]
Url requested:
https://site.azurewebsites.net/fky_7143_tczf_ohced.aspx?group=CON&branch=A&[email protected]&page=stocks/Bep_EQ32_agepbb_abfgjc_ctkdcem.aspx?veBjt=09983&...
0
votes
1
answer
111
views
Under which situations is open redirection possible?
I am searching about the open redirection attack. When I look at websites that try to explain the situation, they generally say to test the URLs in the form of www.example.com?redirection=... to see ...
21
votes
6
answers
15k
views
Are Cyrillic characters a real threat?
I've seen people in security saying URLs with Cyrillic characters are dangerous. If you ever type such characters on a browser you'd see they break into crazy unrecognizable URLs that have nothing to ...
- 375
2
votes
0
answers
145
views
I clicked on a suspect link, whose base url was live (dot) tvstreaming4k (dot) com, during a live event. Is this a threat? [duplicate]
Edit: It has been observed that my question may already have an answer here How to check whether a link is safe or not? [closed] and here How do I safely inspect a potentially malicious website?. Even ...
- 131
2
votes
2
answers
10k
views
Steps after accidentally opening malicious URL with Android device
So I opened a malicious URL with my Android phone. It took some 20 seconds to dawn on me after which I put it on airplane mode. I didn't enter any info in the meanwhile.
I tried to see if I can assess ...
- 23
0
votes
1
answer
151
views
URL redirects properly to all URL protocols except https://www
I have a domain that properly redirects as expected to protocol https://newhavendisplay.com, except for https://www.newhavendisplay.com, which triggers the "This connection is not private" ...
- 3