Analýza bezpečnosti webových stránok operačných programov
(Reakcia na vyjadrenia ministra Štefanova)

predmet prispevku

v zivote som o vas nepocul pan odbornik. vela exibicionizmu skodi. venujte sa radsej politike alebo serioznej praci. man-in-the-middle attack moze byt pouzity na lubovolnej stranke samozrejme s roznou narocnostou. XSS sa vyskytuje takmer u vsetkych beznych CMS vratane opensource. samozrejme, ze sa nedaju najst za minutku.
pekny den

trosku pokoja....

ak chcete kritizovat tak by ste to mali robit trosku v medziach slusnosti. ani o vas nikto nic nepocul, tiez ma zaraza ze odporucate p.Jombikovi sa venovat serioznej praci, rad by som poznal vas pohlad na serioznu pracu resp. ci vobec viete comu sa p.Jombik venuje.

neda mi nespomenut, ze dana zranitelnost nema s utokom typu mitm nic spolocne a mitm sa uz vobec neda pouzit na "lubovolnej stranke". xss v ziadnom pripade nemozete generalizovat na mitm, existuje samozrejme sposob ako xss vyuzit na typ mitm, ale ten ma na mile daleko od xss typu na spominanych strankach. tiez nie je pravda, ze vacsina CMS trpi touto formou zranitelnosti, poznam velmi vela systemov ktore to maju osetrene, a veruze sa xss zranitelnost da odhalit za minutku...aj rychlejsie.

clanok sa mi zda v poriadku, nie je prehnany, poukazuje na realne nedostaky v aplikacii, aj ked dana xss zranitelnost sa mohla popisat odbornejsie...ale ako vravim, nie to bola podstata clanku

analyza ...

Uroven popisu chyb je nizka, ale je to z dovodu, ze tie chyby su tak trivialne, ze nic zlozitejsie netreba :)

Celkom sa cudujem, ze to nezabezpecili proti tymto utokom hned ako zistili, ze sa to bude medializovat. Ved muselo byt jasne, ze v tom momente sa tam niekto nabura. Pravdepodobne vobec netusili, co je XSS :)

Btw. tu analyzu by mohol skusit niekto spravi teraz po zakladnom osetreni pravdepodobne stiahnutom z prveho google odkazu :) Vysledok by bol asi podobny, akurat by trvalo o 7 minut dlhsie najst chybu. Rozsiahle CMS musi byt programovane so zasadami bezpecnosti, nestaci narychlo osetrit jeden search formular ...

Ad XSS a script-kidie -> tento utok je tak neskutocne preflaknuty, ze ano. script kiddie ho zvladne. Bez problemov. na XSS attack example vypluvne google tolko odkazov, ze to zvladne aj moj stary otec ...

Ad Man In The Middle -> clovece, to ze si nieco precitas na bleskovky.sk v sekcii pocitace neznamena, ze tomu rozumies. Prosim,napis ako zautics pomocou man in the middle na
https://ib.slsp.sk/main/start.do
Uz ta adresa je hint, musi tam byt https, aby sa o tom dalo zacat hovorit ;)

... analyza ...

Ked uz sa tu niekto hra na bezpectnostneho analytika, tak by mal tak aj prezentovat informacie!

Pokial opisujem nejaky utok, tak napisem aj ako bol tento utok vykonany. Ten screenshot mozno vyzera pekne ale nema ziadnu vypovednu hodnotu. Preco tam napriklad nie je zachytena url adresa?

Ten XSS utok ktory bol vykonany bol typu non-persistent, to znamena, ze na to aby sme mohli vidiet jeho vysledok, musime poznat specialne upravenu URL adresa. Cize neda sa to docielit beznou navigaciou na sranke.

Podstata spocivala v tom, ze na stranke po uskutocneni vyhladavania, sa v url adrese nahradil hladany text "zakernym" html kodom:
"'<h1>TUNEL?</H1><img src="http://fotky.sme.sk/foto/44864/tunel?type=v&x =650&y=487">
ktory sposobil, ze na mieste vypisania hladaneho vyrazu sa ukazal obrazok tunela.

K ziadnym trvalym zmenam nedoslo, "tunel" bol pristupny iba na upravenej url adrese. Do stranky sa v skutocnosti nic neulozilo, len to co si tam sam navstenik doniesol so sebou.

PS: Tento clanok povazujem za pamflet, ziadna analyza bezpecnosti sa nekonala ...

RE: ... analyza ...

> Pokial opisujem nejaky utok, tak napisem aj ako
> bol tento utok vykonany. Ten screenshot mozno
> vyzera pekne ale nema ziadnu vypovednu hodnotu.
> Preco tam napriklad nie je zachytena url adresa?

Pan Plavec, poprosim vas precitat si samotny clanok este *pred* jeho kritizovanim. Tu su zverejnene spominane URL:

http://platon.sk/article.php?72#5

Dakujem

RE: ... analyza ...

RE: ... analyza ...

RE: ... analyza ...

Prosim vas uvedomte si, ze sa jednalo o POC a nie o dokazovanie, co sa vdaka zranitelnosti da vykonat. Vdaka spominanej chybe sa daju vykonat zakerne utoky voci uzivatelom systemu, zialbohu zavaznost xss zranitelnosti sa podcenuje prave kvoli neznalosti problematiky do hlbky

RE: ... analyza ...

Ked to bolo POC, tak preco bolo v nadpise "analyza bezpecnosti", POC a analyza maju od seba na mile daleko.
Clanok "predava" produkt, ktory je zabaleny do obalu drahej znacky, ale ked to rozbalite, tak zistite, ze je to len prebal nejakeho lacneho vyrobku ktory nejde na odbyt.
Netreba ziadne dokazovanie zranitelnosti, stacilo len pomenovat co sa stalo a nazorne, slovne vysvetlit postup/princip.
Autor preukazal znalosti prekladu wikipedie, tak ked uz prekladal, tak mohol strucne vymenovat typy XSS utokov a predmetny utak zaradit do tejto klasifikacie.

Analyza bezpecnosti nie je bulvar ...

RE: ... analyza ...

pozrite, POC je priklad konkretnej zranitelnosti, cize od analyzy nema na mile daleko a v tomto priklade zvoleny POC bol spravny, nemozete predsa chciet aby ako POC bol pouzity napriklad remote script, ktory by harvestoval cookies atd. tou druhou vetou nerozumiem co ste chceli povedat. Myslim, ze pre siroku verejnost je dana zranitelnost vysvetlena dostatocne, nejake hlbkove definicie by boli zbytocne, pretoze by tomu nikto nerozumel. tiez si myslim, ze klasifikacie by boli zbytocne, mohli by posobit matuco. chapem aj vas postoj, ale niekedy je menej viac :)

Jombo na hrad !!

Jombo na hrad !!

geek squad

[url=https://geekquadstech.support/]geek squad appointment[/url] |
[url=https://geekquadstech.support/]best buy geek squad appointment[/url] |
[url=https://geekquadstech.support/]geek squad appointment scheduling[/url] |
[url=https://geekquadstech.support/]schedule a geek squad appointment online[/url] |
[url=https://geekquadstech.support/]schedule geek squad appointment[/url] |
[url=https://geekquadstech.support/]geek squad in home appointment[/url] |

geek squad

[url=https://geekquadstech.support/]geek squad appointment[/url] |
[url=https://geekquadstech.support/]best buy geek squad appointment[/url] |
[url=https://geekquadstech.support/]geek squad appointment scheduling[/url] |
[url=https://geekquadstech.support/]schedule a geek squad appointment online[/url] |
[url=https://geekquadstech.support/]schedule geek squad appointment[/url] |
[url=https://geekquadstech.support/]geek squad in home appointment[/url] |

College Research Paper Services

One unique characteristic of the firm's Custom Research Paper Services and College Paper Writing Services is that they offer the best market rates and actual research on all their Custom College Paper Writing Services.

WWW.AVG.COM/REGISTRATION

Technology is advancing day by day & advancement of technology made people more dependent on it. Using technology is all fine but it also have a dark side.

i have kaspersky activation code

If you have purchased a new kaspersky Antivirus product or if an old one is damaged, then contact kaspersky support installation guide. However, if you have not installed or configured the security system on your computer,

WWW.AVG.COM/RETAIL

Technology is advancing day by day & advancement of technology made people more dependent on it.

WWW.AVG.COM/RETAIL

Technology is advancing day by day & advancement of technology made people more dependent on it.

www.bitdefender.com/central

Bitdefender Total Security is designed to protect you against the most advanced cyber threats on the planet.

download kaspersky using activation code

As people all around the world carry out their everyday work on their official and personal computers,

AVG DOWNLOAD PAID VERSION

Technology is advancing day by day & advancement of technology made people more dependent on it.

install webroot with key code

webroot new users have to scratch key code very gently otherwise it will get ripped off. In this case,

download bitdefender free

Bitdefender Total Security is designed to protect you against the most advanced cyber threats on the planet.

reinstall kaspersky internet security

Kaspersky Total Security helps defend your family once they surf, shop, socialize or stream.

INSTALL AVG WITH LICENSE NUMBER

Technology is advancing day by day & advancement of technology made people more dependent on it.

INSTALL AVG WITH LICENSE NUMBER

Technology is advancing day by day & advancement of technology made people more dependent on it. Using technology is all fine but it also have a dark side.

bitdefender sign in

Bitdefender a lightening fast free antivirus offers the best protection for your systems, also it provide you smoothest experience managing and using your Bitdefender products on all of your systems like Windows based,

jasa aqiqah

great info, thanks for share it

I need your love

In our lifetime, we always face lots of worries and worries. At times like that, I thought I was lucky. Because of that, I always had to move, rise and develop.

RE: Antispam Test

Hello! this complex question. Here it is necessary to think...

Happy New Year 2021 Images

Find the perfect happy new year 2021 Events2021 photo. Huge collection, amazing choice, 100+ million high quality, affordable RF and RM images. No need to
https://www.events2021.com/happy-new-year-2021-i mages/

Happy New Year 2021 Images

Find the perfect happy new year 2021 Events2021 photo. Huge collection, amazing choice, 100+ million high quality, affordable RF and RM images. No need to
https://www.events2021.com/happy-new-year-2021-i mages/

Awesome!

I am amaze on how you respond on the Minister's statement about the subject, you have a great knowledge on this and you nailed every bit of it!

Xfinity.com/authorize - Activate Xifinity Beta on Roku.

Go to xfinity.com/authorize from another device like a mobile phone, tablet or desktop - not from your Roku. From the web browser, enter the six-digit code

Puff Sleeve Blouse Designs

What is so special about a Puff Sleeve Blouse? The main attraction of this blouse design lies around the Sleeve region. This is practically a sleek fond, making the attire more appropriate, pretty, and elegant. These days, brides are breaking the old and fragile rules on apparel and attires.

CBD Lead Generation

CBD Lead Generation, a short form of &#8216;Cannabidiol&#8217; is a chemical compound from the Cannabis Sativa plant, which is also known as marijuana.

Web Application Firewall (WAF)

Always Informed: Know where the attacks are coming from, what are the IPs, & other info. Prevent all possible malicious activities by customizing firewall rules.
Sonic Nutrition

India's No. 1 Bulk SMS Service Provider in Bangalore (Get Upto 40% Extra) - GetItSMS

Having a service to send an SMS/MSG blast can help businesses a lot and provide them with a complete solution. SMS blast service has come a long way that will help businesses a lot and provide them with the best service ever. There is nothing hard to have the service of SMS blast for any of the businesses. Also We'll help you to send 1000 SMS at a time free online. The bulk WhatsApp SMS platform makes it easy for you to promote your company using WhatsApp promotional texts. The promotional messaging service on Whatsapp could make it easier for your business to reach out to potential clients.So, GetItSMS is the best SMS marketing Company. Looking to have a bulk SMS API for your business? What are the things that you know about the service of bulk SMS gateway API? Now no worries GetItSMS is offering enterprises a complete mass communication solution. Which will help them to uplift their business to the bandwagon of today&#8217;s mass marketing. If you are looking to have the service of mass communication or bulk SMS gateway API. Our team will help you to have the service of bulk SMS gateway API. Are you looking for how to send bulk WhatsApp messages?What is the best way to send bulk WhatsApp messages? How do WhatsApp bulk messages work? Technology is growing leaps and bounds and has helped us all to eliminate multiple issues. That we all were facing to communicate with each other. Whether it is about communication between friends and families or enterprises to consumers. Communication has been the main purpose of us all. OTP SMS service provider delivers timely service of OTP SMS. Where you will get online OTP service for your business. OTP SMS service uses a mobile number for OTP to verify the user information. Bulk SMS service provider in Delhi comes with a number of advantages. This mass communication service of a bulk SMS service provider in Delhi will provide you with a bulk SMS API. Which will make your service respond and deliver SMS automatically.

North Indian Pandit In Bangalore

This information is beneficial to me. Thank you for sharing your knowledge with us. I&#8217;ve got something useful I hope you&#8217;re Interested, North Indian Pandit in Bangalore | Hindi Pandit in Bangalore: We the Indians start our every work saying the name of the Lord and that must be done as per the rituals. So, therefore when you are saying the Lord&#8217;s name first to start anything that needs you to have experienced Pandits/Guruji&#8217;s. When you have experienced Guru Ji or Pandit Ji&#8217;s to meet the true name of the God that gives you peace of mind and satisfaction. As per the Hindu rituals, our pandits can&#8217;t see blasphemy done by anyone. So, keeping every ritual in mind we give you experienced North Indian Pandit in Bangalore for Marriage and other activities related to Hinduism. If you are looking for North Indian Pandit in Bangalore, our team of 99pandit.com will help you out in this.

Book a Pandit Online

We are grateful to you for assisting us by giving the information regarding the project that you had. Your efforts allowed us to better understand the consumer while while saving us time. Do you know Our Promotional Bulk SMS lets enterprises to promote their businesses. This has a huge impact on attracting more visitors and creating quality customers. Hence, bulk SMS advertising is the only option for companies looking to develop a solid marketing strategy to meet all of their business goals. Also In the current market trend to offer effective marketing services, we offer Transactional Bulk SMS in India and other countries to make communication personalized and effective. Here are some major reasons that will help you choose an SMS advertising service in India. Are you looking to send messages in the Australia? Bulk SMS Australia can help you to better approach your business&#8217;s targeted audience in minutes without any active internet connection. We are providing a bulk SMS gateway that will help you to deliver your messages to all types of customers. Want to know about the bulk SMS character limit in bulk SMS service? What is the SMS character limit? The service of bulk SMS is the foremost service for different businesses. Which helps companies to send messages or SMS to their customers. However, bulk SMS service can be used for different purposes and this can help communicate in the most convenient way. Till now a number of companies have used the service of bulk SMS. Which has given the top advantages of bulk SMS. In order to communicate with its customers and provide its services. Bulk SMS UK can help you to better approach your business&#8217;s targeted audience in minutes without any active internet connection. We are providing a bulk SMS gateway that will help you to deliver your messages to all types of customers. Best OTP SMS service provider can your business. To deliver the best services for your business all the time. So, if you look at the results of one time password SMS Blast service. This has provided excellent service in security to the businesses. We will help you to have the service for your business of miss call alert by providing you with the best missed call service provider in India. The service of miss call alert has become so important and this has been our first priority to provide a better service for us. As a business, we can not provide a better service to our customers. If we do not have better weapons such as a best missed call service provider in India. We can not win the war. Come What May, we need to have a best-missed call service provider in India for the company. If we want to provide better results to our business&#8217;s potential customers. Now with peace of mind, send bulk SMS South Africa and make things work for your business. This is a top mass communication service that will help your business. Do you want to integrate the SMS gateway PHP ? Are you looking for a solution to your SMS service? GetItSMS will help you in integrating the SMS Gateway API. Which is providing bulk SMS API to all its clients in India. This cheap SMS gateway will meet all your requirements to deliver your business messages.

The best way to find your home.

I am glad that you have shared your knowledge and the wealth of information that it contains. This provides us with more insights and motivation. I look forward to reading more of your posts in the future. The best way to find your home is Aawasam, With over 700,000 active listings Aawasam has the largest inventory of apartments in the india. Aawasam is a real estate marketplace dedicated to helping homeowners, home buyers, sellers, renters and agents find and share information about homes, Aawasam and home improvement. Where do you want to go on your next vacation? Let&#8217;s go to GOA, it is a stunning destination that captures the complete beauty of India and visiting Goa is always fascinating. But, this time let us think something else & different, but what? Buying property in Goa, surely you haven&#8217;t thought about it, but the time has arrived when you can really think of a property investment in Goa to get stability in life. Why investment is important today? One should welcome the change as per the change in time and today buying property is not just to buy a space within four walls, but it is about buying a well developed and modern property and ensures high return over investment (ROI). So if you buy a luxury property it secures your capital and in the upcoming time, it will serve you more advantages. Tata Rio De Goa- Get an international feel and experience the best stay This project by the Tata Housing is surely a paradise for those families who are looking for a complete address that gives them diversified experience with nature love, sterling modern designs, high-security system, dazzling ambience, ideal realm. Pick your own unit to live bigger Here you can pick any unit out of 1, 1.5, 2 and 3 BHK Luxury Apartments and every unit blend the best way to enjoy proper sun-filled, freshness, privacy, space and comfort. And obviously Google, Wikipedia search will help you to find the perfect match. It enjoys the prime location in Dabolim, Goa So come here at Tata Rio De, Dabolim, Goa and stay connected to Goa International Airport, BITS Pilani Campus, Bogmallo Beach, MES College and more. Read More Here: Goa Properties , Tata Rio Deo Goa

wildcraft mod apk

Thank you kindly! Apparently, no one has added me as a friend. I am the only person mentioned. (Cries)

You can search the interests page to find people who share your interests, add some as friends, and some may add you back if you start talking.
https://apksight.com/wildcraft-mod-apk/

Book Online Pandit & Astrologer in all over India. 99 Pandit is providing amazing services of puja you need. Register Now to get online pandit for puja

99Pandit is an online platform where users can find each other to perform any activity/ variant puja related to Hinduism through our website.

hinditsolution

This knowledge is beneficial to me. Thank you for sharing your facts with us. Hind It Solution As mobiles become essential to everybody's life, businesses have started using SMS Portal to improve their stamina. Bulk SMS advertising and marketing are now at the height of demand for several reasons. It aids any brand name to connect to considerable customers in a short time and also delivers the right message effectively. It is less expensive as well as extra effective to make use of than various other marketing choices. Continue analysis to understand more details! Now, it is easy to send 1000 text messages thanks to the development of technology. Bulk SMS Service Provider in delhi can support you in this attempt so you can reach your goal effortlessly. Are you wondering How to Send 1000 SMS at Once a Time Free Online ? Well, you are on the right goal. Here are some tips that will help you to send a thousand SMS at the same time. It assists you in interacting with a significant variety of people at the same time. You can send Bulk SMS Delhi to the provider's web server. It suggests you first need to work with a knowledgeable and experienced Mass SMS company. Then, you should develop a short message whereby you want to interact with the people.


Hind It Solution Rather than working with a Bulk SMS service provider , you can even utilize bulk SMS software applications. This software application is readily available and permits you to send out multiple Bulk SMS Service to various people with a solitary click. This software application gives you complete control over your advertising and marketing project. It assists you in assessing your advertising and marketing campaign development, outcomes and reaction rate.
Sms gateway api
Receive SMS Online

iboga for sale

it is very important for us to be free from drug addiction. You can visit our site where you will find Ibogaine For Sale. Some people prefer to get Iboga For Sale.

hinditsolution

How to guest posting

Best Informative Articles

Your blog has fixed my bundle of meaningful problems whose options were very entangled. I have actually never ever experienced the variety of excellents in the very same web content.

https://maddycrusoe.blogspot.com/
https://bes tinformativearticless.blogspot.com/
https://allab outeverymatter.blogspot.com/

SEO

Awesome piece of creating which have couple of lessons for a competent web content author.

baccaratcommunity

It's really great. Thank you for providing a quality article. There is something you might be interested in. Do you know baccaratcommunity ? If you have more questions, please come to my site and check it out!

vs4u

[url=https://www.visasolutions4u.com/coaching/ielt s-coaching] ielts rajouri garden[/url]

With track record of 100 percent visa approvals Visa Solutions 4u is renowned name in top 10 best immigration consultants in Janakpuri, Delhi Ncr, India

https://bit.ly/3vUVjwG

https://bit.ly/3GBAP0W

https://bit.ly/3GyMr4P

https://bit.ly/3ivugVJ

https://bit.ly/3X2t5Mw

https://bit.ly/3GDa7 8c

https://bit.ly/3k9ukLr

https://bit.ly/3iE pXaC

https://bit.ly/3kcJgZ2
https://bit.ly/3w3 axQh
https://bit.ly/3vUYdBF
https://bit.ly/3Qw0S LH
https://bit.ly/3iEq5XE
https://bit.ly/3CHSjrD
https://bit.ly/3QAJWDL
https://bit.ly/3CISrqK
https://bit.ly/3QxjKtA
https://bit.ly/3QAhIZH
ht tps://bit.ly/3iw5XHc
https://bit.ly/3ZxmsmY
http s://bit.ly/3Gs3Gow
https://bit.ly/3vY83CW
https: //goo.gl/maps/zBR6SeYYaTiZisTR7

https://goo.gl/ maps/4KcDgCvGBtRRytCy6

https://goo.gl/maps/dyru dQNn7b3rTMEX8

Web Kami Terbaik 2023

Berjudi bisa menjadi hiburan yang menyenangkan bagi pemain poker88 slot yang menikmati sensasi risiko dan kemungkinan menang besar. Namun, penting untuk bermain poker88 dengan hati-hati dan menetapkan batasan untuk memastikannya tetap menjadi aktivitas yang menyenangkan dan menghibur.