Two years ago, something very strange happened to me while working from my home network. I was exploiting a blind XXE vulnerability that required an external HTTP server to smuggle out files, so I spun up an AWS box and ran a simple Python webserver to receive the traffic from the vulnerable server.
This article is a great example of why you should use your own router instead of an ISP-provided one.
I’m not a programmer, but is it normal that the login page contains the whole main JavaScript code of a logged-in user?
Also, what’s the point of having this kind of client-side API? Because you can never trust the client, shouldn’t everything be server-side and only return an HTML page with the data related to your account?
It doesn't matter that the website loads JavaScript code for a logged-in user, as you need a token (which the server will give you after a successful login) to authenticate to the APIs; it is pretty common to do it that way.
There wasn't a client-side API, but the API was missing crucial validation of user input (e.g. only checking the MAC address but not checking who is actually authenticated).
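The gap the last two comments describe (the token proves who is calling, but the handler then fetches a device by MAC address without checking that the caller owns it) is easiest to see side by side. The following is an added example written for this thread, not code from the article or from the ISP's API; the session tokens, user IDs, MAC addresses and device records are constructed sample data, and the handler names are hypothetical.

```python
"""Added example: an API that authenticates by token but skips the
ownership check on the object it returns, beside the fixed version.
All tokens, users and devices below are constructed sample data."""

from dataclasses import dataclass


@dataclass(frozen=True)
class Device:
    mac: str
    owner_id: int
    wifi_password: str  # the sensitive field the endpoint hands back


# Constructed sample state: two logged-in users and one device each.
SESSIONS = {"tok-alice": 1, "tok-bob": 2}          # token -> user id
DEVICES = {
    "aa:bb:cc:00:00:01": Device("aa:bb:cc:00:00:01", 1, "alice-wifi-secret"),
    "aa:bb:cc:00:00:02": Device("aa:bb:cc:00:00:02", 2, "bob-wifi-secret"),
}


class Unauthorized(Exception):
    """No valid session token was presented."""


class NotFound(Exception):
    """The requested device is not visible to this caller."""


def authenticate(token):
    """Authentication only: maps a token to a user id or rejects it."""
    try:
        return SESSIONS[token]
    except KeyError:
        raise Unauthorized("invalid or expired token") from None


def normalize_mac(mac):
    """Canonicalise 'AA-BB-CC-00-00-02' / 'aa:bb:cc:00:00:02' to one form,
    so the lookup cannot be bypassed by a different separator or case."""
    digits = mac.replace(":", "").replace("-", "").lower()
    if len(digits) != 12 or any(c not in "0123456789abcdef" for c in digits):
        raise ValueError("malformed MAC address")
    return ":".join(digits[i:i + 2] for i in range(0, 12, 2))


def get_device_vulnerable(token, mac):
    """The bug: the caller is authenticated, but the result of that check
    is discarded, so any valid token can read any device whose MAC it
    can guess or enumerate."""
    authenticate(token)
    device = DEVICES.get(normalize_mac(mac))
    if device is None:
        raise NotFound(mac)
    return device


def get_device_fixed(token, mac):
    """Same lookup plus the object-level authorization check: the device
    must belong to the user the token identifies."""
    user_id = authenticate(token)
    device = DEVICES.get(normalize_mac(mac))
    # Same error for "no such device" and "not yours", so the endpoint
    # does not become an oracle for which MAC addresses exist.
    if device is None or device.owner_id != user_id:
        raise NotFound(mac)
    return device


if __name__ == "__main__":
    # Alice reads Bob's Wi-Fi password through the vulnerable handler...
    print(get_device_vulnerable("tok-alice", "aa:bb:cc:00:00:02").wifi_password)
    # ...and is refused by the fixed one.
    try:
        get_device_fixed("tok-alice", "aa:bb:cc:00:00:02")
    except NotFound as exc:
        print("fixed handler refused:", exc)
```

The point of the comparison is that authentication (is the token valid?) and authorization (may this user touch this object?) are separate checks; a MAC address is an identifier anyone can supply, not proof of ownership, and the fix is to tie the lookup to the identity the token established.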