security - Read For Learn

Where does Internet Explorer store saved passwords?

I found the answer. IE stores passwords in two different locations based on the password type: Http-Auth: %APPDATA%\Microsoft\Credentials, in encrypted files Form-based: HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\IntelliForms\Storage2, encrypted with the url From a very good page on NirSoft.com: Starting from version 7.0 of Internet Explorer, Microsoft completely changed the way that passwords are saved. In previous versions (4.0 … Read more

Can an attacker use inspect element harmfully?

The changes are temporary on the individual user’s browser. However, the changes will allow that user to interact with your backend however they choose to do so. This is one way in which sites are attacked. The standard rule is to never trust input coming from the user / browser. Do not trust the value … Read more

how fix “this certificate cannot be verified up to a trusted certification authority”

I have problem in IE9 with securiry certificate. Then I go to specific address I got How can I avoid appearence of this window? I try enter on Continue to this website (not recommended). – cectificate error – View Certificates. I see that This certificate is OK. in certificate Status on certification Path tab. But … Read more

Convert .pfx to .cer

the simple way I believe is to import it then export it, using the certificate manager in Windows Management Console.

How to view PHP on live site

No, as it is interpreted on the server-side and the results are sent to the user. If you want to view the source code of a site you control in-browser, consider the FirePHP extension for Firebug, or just access your site files with your preferred method.

Error `sec_error_revoked_certificate` when viewed in Firefox only

When Firefox web browser checks a security certificate, it also checks with the issuing authority if the certificate is valid. It appears that, near a certificate’s expiration date, the issuing authority may release a new certificate. The two certificates have conflicting expiration dates. For reasons unknown, this caused Firefox to report a sec_error_revoked_certificate error and … Read more

How does the SQL injection from the “Bobby Tables” XKCD comic work?

It drops the students table. The original code in the school’s program probably looks something like This is the naive way to add text input into a query, and is very bad, as you will see. After the values from the first name, middle name textbox FNMName.Text (which is Robert’); DROP TABLE STUDENTS; –) and the last name textbox LName.Text (let’s … Read more

When you use ‘badidea’ or ‘thisisunsafe’ to bypass a Chrome certificate/HSTS error, does it only apply for the current site?

This is specific for each site. So if you type that once, you will only get through that site and all other sites will need a similar type-through. It is also remembered for that site and you have to click on the padlock to reset it (so you can type it again): Needless to say … Read more

what is a auth_user_file.txt?

I assume that those crawlers are looking for auth_user_file.txt because its name is probably given in some tutorial for Apache’s mod_authn_file module; when an admin makes the mistake of putting the file in the webserver’s DOCROOT, then it is free for downloading by anyone who asks. Once an attacker downloads the file, they can brute-force the password hashes, and gain … Read more

Why does the URL http://a/%%30%30 crash Google Chrome?

Tom Scott explains this in his YouTube video: http://a/%%30%30 is decoded as http://a/%00 because %30 is 0 http://a/%00 is then further decoded by another piece of code as http://a/<NULL> because %00 is the NULL character The bug was originally demonstrated by Andris Atteka who simply added a null character to the string.

+ More