Skip to main content
Websec Logo

Websec Cybersecurity Blog

Expert insights, trends, research findings, and best practices from our security team to help you strengthen your organization's security posture.

Featured Article

Our most important cybersecurity insight

Image unavailable
Blog October 3, 2023

A Comparison Between the Real User ID and the Effective User ID is not Enough to Prevent Privilege Escalation

In Unix-like systems, processes have a real and effective user ID determining their access permissions. While usually identical, they can differ in situations like when the setuid bit is activated in executables.

# CVE-2015-5198 # Checkmarx # CodeQL # UNIX
Read the full article
Filtering by: Topic: XSS
Image unavailable
Blog December 19, 2017

Three Non Web-based XSS Injections

In this post guest blogger Alejandro Hernandez (nitr0us) writes about some interesting and fun XSS vectors which are not commonly seen.

# Alejandro # Cross-site Scripting # Hernandez # Injection # Non-web # XSS # nitr0usmx
Read more
Image unavailable
Blog May 30, 2012

Cookie Stealing By Router Pharming (2Wire)

Multiple stage exploit used to obtain cookies of many domains by exploiting several vulnerabilities on 2Wire routers.

# 2wire # Auth # Bypass # Cookie # Cross Site # Exploit # Forgery # Hijacking # Request # Router # Scripting # Session # XSS
Read more
Image unavailable
Blog August 26, 2010

Attacking Linksys WRT160N router using the "URL Obfuscation in Frames" bug

Using the "URL Obfuscation in Frames" bug to enable remote administration on a Linksys WRT160N router

# Basic Auth # Default password # HTTP # Iframe # Linksys # Routers # URL Obfuscation # WRT160n # XSS
Read more