PortSwigger: Exploiting LLM APIs with excessive agency
4 min read. PortSwigger: Exploiting LLM APIs. LLMs typically interact with users via a chat interface, called a prompt, and their inputs are governed by validation rules.
3 min read. Mika discovered and reported this Open Redirection. This could allow a malicious actor to redirect users from one site to another because the redirect URL is not validated. Users could be tricked into visiting a legitimate site and then be redirected to a malicious site, resulting in a phishing incident. This vulnerability has been fixed in version 3.6.4.4.
3 min read. We will explain how to use John the Ripper, a password-cracking tool, to crack the passphrase of an SSH private key with the famous wordlist rockyou.txt.
2 min read. The plugin does not sanitise and escape the Download Counter Text settings, which could allow high-privilege users to perform Cross-Site Scripting attacks.
2 min read. Real visitor IPs in Nginx logs when using CloudFlare.
2 min read. To improve the security of your server and reduce brute force attacks, it is important to change the default SSH port to 22.
2 min read. How to hide the Nginx version?