home.social

1000 results for “bug”

  1. A very nice pair of pieces for all my chums to read today. The first summarises bugs in some code: seclists.org/oss-sec/2026/q2/3. The Rust code in question replaces older code which only didn't have those bugs because it had had 30 years of bug reports and patches. The second article dives into some common patterns in the bugs. Those patterns will occur in code written in *every* language, so the lessons to be taken will apply to *you*: corrode.dev/blog/bugs-rust-won

  2. Day 5 — CSRF Token Bypass using GET Request
    This article discusses a Cross-Site Request Forgery (CSRF) vulnerability where an attacker can bypass CSRF tokens by manipulating GET requests. The root cause is inconsistent validation of CSRF tokens across HTTP methods, particularly on GET requests. In this case, the application incorrectly validated CSRF tokens for GET requests but did so correctly for POST requests. By modifying a legitimate request to use the GET method and moving parameters into the URL, the researcher discovered that the server did not validate the CSRF token. The attack involves creating an HTML PoC (proof-of-concept) with JavaScript to automatically submit the modified request, exploiting the victim without their interaction. This vulnerability emphasizes the importance of consistent validation for CSRF tokens across all HTTP methods. Key lesson: Validate CSRF tokens consistently regardless of HTTP method to maintain security. #BugBounty #WebSecurity #CSRF #VulnerabilityResearch

    smartpicks4u.medium.com/day-5-

  4. How I Found a CSRF Vulnerability That Could Take Over Student Accounts on an Educational Platform
    This vulnerability was a Cross-Site Request Forgery (CSRF) attack, allowing malicious users to hijack student accounts on an educational platform by manipulating a sensitive account management action (changing passwords) through an unsuspecting victim's browser session. The application failed to verify that the origin of the request was the legitimate user, instead relying on session cookies for authentication without additional CSRF protection. By using a crafted payload within a link, the researcher exploited the flawed security mechanism by forcing the victim's browser to make a password change request on behalf of the attacker. The impact was significant as unauthorized individuals could gain access to sensitive student accounts. The researcher received $500 as part of the bug bounty program, and the platform responded by implementing CSRF tokens for account management actions to prevent future attacks. Key lesson: Always implement CSRF tokens to protect sensitive user actions. #BugBounty #Cybersecurity #WebSecurity #CSRF

    medium.com/@s3clipt0r/how-i-fo

  9. Bug fingerprinting for UI: why stack traces don't work and what to use instead

    TL;DR: Sentry deduplicates backend errors by a hash (error class + top stack frame + module). For UI bugs this recipe breaks down: `expect(button).toBeVisible()` has no stack frame in any meaningful product sense; what it has is a locator + assertion + URL. In webtest-orch I built a composite SHA-256 fingerprint from (normalized_selector | assertion type | error class | URL template | message[:80]) with three normalization rules (:nth-child, UUID, /users/123 → /users/:id). This gives a stable 8-hex BUG-id that survives across runs and yields a diff of new / regression / persisting / fixed without a DB or embeddings.

    habr.com/ru/articles/1032230/

    #playwright #qa_automation #qa_testing #claude #agents #agent_skills #aria #webразработка #fingerprint #ui

  13. Copy-fail-CVE-2026-31431 is the best #bug I've ever seen, just test it and it works, I got to be #root

    I'm amazed

    #copy-fail #exploit #linux

  17. Buggeration. I've managed to subscribe my tiny ActivityPub server to a Lemmy community and I'm now being inundated with messages about who liked what, which communities have been blocked, downvotes etc.

    When I send an #Undo message in #ActivityPub, does it need to contain the same ID as the follow request?

  18. #FCPX 11.1.1 on Sequoia 15.6.1 started hanging on every launch, regardless of which library is being opened (even completely newly created ones). Sometimes it helps to open the library file while holding Option instead of launching the app, but not always.

    Resetting prefs, reinstalling FCPX or revalidating AUs don't help.

    #bugmagnet

  19. 🚨Breaking News: A 12-year-old #bug in G++ decided to pull a "hold my beer" and single-handedly #crash #Solidity. 🤦‍♂️ Because why fix old bugs when you can let them wreak havoc decades later? 🐛✨
    osec.io/blog/2025-08-11-compil #BreakingNews #GPP #SoftwareDevelopment #TechNews #HackerNews #ngated

  20. Bug with #MPD warrants a new #ampache release.

    The #REST #API conversion continues and is almost usable but still subject to change.

    #php #dev

    github.com/ampache/ampache/rel