{"id":1157,"date":"2010-11-06T17:42:50","date_gmt":"2010-11-06T17:42:50","guid":{"rendered":"http:\/\/nethemba.com\/sk\/xss-monitoring\/"},"modified":"2010-11-06T17:42:50","modified_gmt":"2010-11-06T17:42:50","slug":"xss-monitoring","status":"publish","type":"post","link":"https:\/\/nethemba.com\/sk\/xss-monitoring\/","title":{"rendered":"XSS monitoring"},"content":{"rendered":"<div id=\"yui_patched_v3_11_0_1_1454064169965_638\" class=\"entry-body\">\n<div id=\"blogs-entry-content-64213\">\n<p id=\"yui_patched_v3_11_0_1_1454064169965_637\"><span id=\"yui_patched_v3_11_0_1_1454064169965_635\">This morning Krzysztof Kotowicz published an interesting way of monitoring users through an XSS vulnerability. Most people who work in web security know this class of vulnerability intimately, and we recommend they skip the next two explanatory paragraphs; for everyone else, a short clarification follows.<\/span><\/p>\n<p><a href=\"http:\/\/en.wikipedia.org\/wiki\/Cross-site_scripting\">XSS (cross-site scripting)<\/a> is a server-side vulnerability that allows end users' browsers to be abused. Its basic classification includes reflected XSS, in which the attacker, in most cases, slips the victim a URL containing &#8220;malicious&#8221; code that the web browser interprets. Somewhat more critical is persistent XSS, where no URL needs to be sent: the attacker cleverly places the JavaScript code on the server. This can be done, for example, through a comment under a blog post, by mail, or by adding a friend with a comment. 
Everything depends on the attacker's imagination and the programmers' capabilities; a few days ago, for example, a persistent XSS appeared on Twitter, which was fortunately fixed promptly. JavaScript code, however, has no control over &#8220;foreign&#8221; domains thanks to the <a href=\"http:\/\/en.wikipedia.org\/wiki\/Same_origin_policy\">SOP<\/a> restriction and the <a href=\"http:\/\/en.wikipedia.org\/wiki\/Document_Object_Model\">DOM<\/a> model.<\/p>\n<p>In both cases the attacker's code executes on the client side. Under certain, most commonly occurring conditions, it can thereby gain access to the client's session identifier, read forms on the page, or carry out attacks against intranet servers. There are also several tools that can implement a &#8220;proxy&#8221;, such as <a href=\"http:\/\/xss-proxy.sourceforge.net\/\">xss-proxy<\/a> or <a href=\"http:\/\/www.bindshell.net\/tools\/beef\/\">beef<\/a>. These tools often serve only one specific purpose. And most importantly, they become unusable once the user clicks through: the injected JavaScript is no longer present in the new window, and we are also interested in the pages visited within the given domain.<\/p>\n<p>Krzysztof <a href=\"http:\/\/blog.kotowicz.net\/2010\/11\/xss-track-how-to-quietly-track-whole.html\">presented<\/a> a method in which he created an invisible &#8220;iframe&#8221; the size of the browser window and loaded the entire original page into it. 
This gives control over all subsequently visited pages as well. All it takes is an ordinary reflected XSS vulnerability, to which almost every dynamic website is vulnerable. The user will think they are browsing the original pages, while in fact they are clicking through the injected script, which replicates itself onto each following page. The important point is that the iframe URL is on the same domain as our script, so no SOP restrictions apply: we can see the content of submitted forms and followed links, and monitor people quite trivially. I recommend going through at least the &#8220;demonstration&#8221; section of the original post.<\/p>\n<p>One of the biggest drawbacks of this method, however, is that the URL does not change even after clicking through to an external page, to which the Same Origin Policy of course does apply. Also, some links open in a new tab via <strong>window.open()<\/strong>, now without our JavaScript code.<\/p>\n<p>At this point some of you will surely realize that this is in fact reverse clickjacking. And how can one defend effectively against this attack?<\/p>\n<p>A few months ago an interesting presentation appeared, <a href=\"http:\/\/www.owasp.org\/...\/OWASP_AppSec_Research_2010_Busting_Frame_Busting_by_Rydstedt.pdf\">&#8220;Busting Frame Busting&#8221;<\/a>, a study of clickjacking on popular sites. 
In case the term clickjacking is unfamiliar to anyone, it means covering a page with a &#8220;transparent layer&#8221; so that the user believes they clicked something other than what they actually did. With frame busting we check whether our document is &#8220;topmost&#8221; in the hierarchy, and if it is not, we do not load the page; optionally, when pages are accessed over HTTP, we also check the referrer field (over HTTPS the referrer should not be transmitted).<\/p>\n<p>There are, however, several ways to bypass this &#8220;protection&#8221;, for example by changing the original location <strong>top.location<\/strong>, which is surprisingly still possible in some browsers; other attempts at protection using &#8220;framebusting code&#8221; can even be disabled in various ways.<\/p>\n<\/div>\n<\/div>\n<div class=\"entry-footer\"><\/div>\n","protected":false},"excerpt":{"rendered":"<p>Dnes r\u00e1no zverejnil Krzysztof Kotowicz zauj\u00edmav\u00fd sp\u00f4sob mo\u017enosti monitorovania pou\u017e\u00edvate\u013eov pomocou zranite\u013enosti typu XSS. V\u00e4\u010d\u0161ina \u013eud\u00ed zaoberaj\u00facich sa webovou bezpe\u010dnos\u0165ou tento druh zranite\u013enosti d\u00f4verne pozn\u00e1 a odpor\u00fa\u010dame im najbli\u017e\u0161ie dva odstavce s vysvetlen\u00edm presko\u010di\u0165, pre ostatn\u00fdch nasleduje kr\u00e1tke upresnenie. XSS cross site scripting je zranite\u013enos\u0165 na strane servera, ktor\u00e1 umo\u017e\u0148uje zneu\u017eitie koncov\u00fdch prehliada\u010dov. 
Jej z\u00e1kladn\u00e9 [&hellip;]<\/p>\n","protected":false},"author":2,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"inline_featured_image":false,"_monsterinsights_skip_tracking":false,"_monsterinsights_sitenote_active":false,"_monsterinsights_sitenote_note":"","_monsterinsights_sitenote_category":0,"footnotes":""},"categories":[13],"tags":[477,478,479,480,481],"class_list":["post-1157","post","type-post","status-publish","format-standard","hentry","category-uncategorized-sk","tag-busting-frame-sk","tag-clickjacking-sk","tag-dom-sk","tag-sop-sk","tag-xss-sk"],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v27.2 - https:\/\/yoast.com\/product\/yoast-seo-wordpress\/ -->\n<title>XSS monitoring - Nethemba<\/title>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/nethemba.com\/sk\/xss-monitoring\/\" \/>\n<meta property=\"og:locale\" content=\"sk_SK\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"XSS monitoring - Nethemba\" \/>\n<meta property=\"og:description\" content=\"Dnes r\u00e1no zverejnil Krzysztof Kotowicz zauj\u00edmav\u00fd sp\u00f4sob mo\u017enosti monitorovania pou\u017e\u00edvate\u013eov pomocou zranite\u013enosti typu XSS. V\u00e4\u010d\u0161ina \u013eud\u00ed zaoberaj\u00facich sa webovou bezpe\u010dnos\u0165ou tento druh zranite\u013enosti d\u00f4verne pozn\u00e1 a odpor\u00fa\u010dame im najbli\u017e\u0161ie dva odstavce s vysvetlen\u00edm presko\u010di\u0165, pre ostatn\u00fdch nasleduje kr\u00e1tke upresnenie. XSS cross site scripting je zranite\u013enos\u0165 na strane servera, ktor\u00e1 umo\u017e\u0148uje zneu\u017eitie koncov\u00fdch prehliada\u010dov. 
Jej z\u00e1kladn\u00e9 [&hellip;]\" \/>\n<meta property=\"og:url\" content=\"https:\/\/nethemba.com\/sk\/xss-monitoring\/\" \/>\n<meta property=\"og:site_name\" content=\"Nethemba\" \/>\n<meta property=\"article:publisher\" content=\"https:\/\/www.facebook.com\/nethemba\" \/>\n<meta property=\"article:published_time\" content=\"2010-11-06T17:42:50+00:00\" \/>\n<meta name=\"author\" content=\"Pavol Lupt\u00e1k\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@nethemba\" \/>\n<meta name=\"twitter:site\" content=\"@nethemba\" \/>\n<meta name=\"twitter:label1\" content=\"Autor\" \/>\n\t<meta name=\"twitter:data1\" content=\"Pavol Lupt\u00e1k\" \/>\n\t<meta name=\"twitter:label2\" content=\"Predpokladan\u00fd \u010das \u010d\u00edtania\" \/>\n\t<meta name=\"twitter:data2\" content=\"4 min\u00faty\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\/\/nethemba.com\/sk\/xss-monitoring\/#article\",\"isPartOf\":{\"@id\":\"https:\/\/nethemba.com\/sk\/xss-monitoring\/\"},\"author\":{\"name\":\"Pavol Lupt\u00e1k\",\"@id\":\"https:\/\/nethemba.com\/de\/#\/schema\/person\/5f4ba68c8e1a2013d30e0804245b8234\"},\"headline\":\"XSS monitoring\",\"datePublished\":\"2010-11-06T17:42:50+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\/\/nethemba.com\/sk\/xss-monitoring\/\"},\"wordCount\":714,\"commentCount\":0,\"keywords\":[\"busting frame\",\"clickjacking\",\"dom\",\"sop\",\"xss\"],\"articleSection\":[\"Uncategorized @sk\"],\"inLanguage\":\"sk-SK\",\"potentialAction\":[{\"@type\":\"CommentAction\",\"name\":\"Comment\",\"target\":[\"https:\/\/nethemba.com\/sk\/xss-monitoring\/#respond\"]}]},{\"@type\":\"WebPage\",\"@id\":\"https:\/\/nethemba.com\/sk\/xss-monitoring\/\",\"url\":\"https:\/\/nethemba.com\/sk\/xss-monitoring\/\",\"name\":\"XSS monitoring - 
Nethemba\",\"isPartOf\":{\"@id\":\"https:\/\/nethemba.com\/de\/#website\"},\"datePublished\":\"2010-11-06T17:42:50+00:00\",\"author\":{\"@id\":\"https:\/\/nethemba.com\/de\/#\/schema\/person\/5f4ba68c8e1a2013d30e0804245b8234\"},\"breadcrumb\":{\"@id\":\"https:\/\/nethemba.com\/sk\/xss-monitoring\/#breadcrumb\"},\"inLanguage\":\"sk-SK\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/nethemba.com\/sk\/xss-monitoring\/\"]}]},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/nethemba.com\/sk\/xss-monitoring\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/nethemba.com\/sk\/domov\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"XSS monitoring\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/nethemba.com\/de\/#website\",\"url\":\"https:\/\/nethemba.com\/de\/\",\"name\":\"Nethemba\",\"description\":\"We care about your security\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/nethemba.com\/de\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"sk-SK\"},{\"@type\":\"Person\",\"@id\":\"https:\/\/nethemba.com\/de\/#\/schema\/person\/5f4ba68c8e1a2013d30e0804245b8234\",\"name\":\"Pavol Lupt\u00e1k\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"sk-SK\",\"@id\":\"https:\/\/secure.gravatar.com\/avatar\/978b23022518d076eaa243b375d2e0272af4f00dd502ce79cc357276d9bc2495?s=96&d=mm&r=g\",\"url\":\"https:\/\/secure.gravatar.com\/avatar\/978b23022518d076eaa243b375d2e0272af4f00dd502ce79cc357276d9bc2495?s=96&d=mm&r=g\",\"contentUrl\":\"https:\/\/secure.gravatar.com\/avatar\/978b23022518d076eaa243b375d2e0272af4f00dd502ce79cc357276d9bc2495?s=96&d=mm&r=g\",\"caption\":\"Pavol 
Lupt\u00e1k\"},\"sameAs\":[\"https:\/\/www.nethemba.com\/\"],\"url\":\"https:\/\/nethemba.com\/sk\/author\/nethemba-admin\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"XSS monitoring - Nethemba","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/nethemba.com\/sk\/xss-monitoring\/","og_locale":"sk_SK","og_type":"article","og_title":"XSS monitoring - Nethemba","og_description":"Dnes r\u00e1no zverejnil Krzysztof Kotowicz zauj\u00edmav\u00fd sp\u00f4sob mo\u017enosti monitorovania pou\u017e\u00edvate\u013eov pomocou zranite\u013enosti typu XSS. V\u00e4\u010d\u0161ina \u013eud\u00ed zaoberaj\u00facich sa webovou bezpe\u010dnos\u0165ou tento druh zranite\u013enosti d\u00f4verne pozn\u00e1 a odpor\u00fa\u010dame im najbli\u017e\u0161ie dva odstavce s vysvetlen\u00edm presko\u010di\u0165, pre ostatn\u00fdch nasleduje kr\u00e1tke upresnenie. XSS cross site scripting je zranite\u013enos\u0165 na strane servera, ktor\u00e1 umo\u017e\u0148uje zneu\u017eitie koncov\u00fdch prehliada\u010dov. 
Jej z\u00e1kladn\u00e9 [&hellip;]","og_url":"https:\/\/nethemba.com\/sk\/xss-monitoring\/","og_site_name":"Nethemba","article_publisher":"https:\/\/www.facebook.com\/nethemba","article_published_time":"2010-11-06T17:42:50+00:00","author":"Pavol Lupt\u00e1k","twitter_card":"summary_large_image","twitter_creator":"@nethemba","twitter_site":"@nethemba","twitter_misc":{"Autor":"Pavol Lupt\u00e1k","Predpokladan\u00fd \u010das \u010d\u00edtania":"4 min\u00faty"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/nethemba.com\/sk\/xss-monitoring\/#article","isPartOf":{"@id":"https:\/\/nethemba.com\/sk\/xss-monitoring\/"},"author":{"name":"Pavol Lupt\u00e1k","@id":"https:\/\/nethemba.com\/de\/#\/schema\/person\/5f4ba68c8e1a2013d30e0804245b8234"},"headline":"XSS monitoring","datePublished":"2010-11-06T17:42:50+00:00","mainEntityOfPage":{"@id":"https:\/\/nethemba.com\/sk\/xss-monitoring\/"},"wordCount":714,"commentCount":0,"keywords":["busting frame","clickjacking","dom","sop","xss"],"articleSection":["Uncategorized @sk"],"inLanguage":"sk-SK","potentialAction":[{"@type":"CommentAction","name":"Comment","target":["https:\/\/nethemba.com\/sk\/xss-monitoring\/#respond"]}]},{"@type":"WebPage","@id":"https:\/\/nethemba.com\/sk\/xss-monitoring\/","url":"https:\/\/nethemba.com\/sk\/xss-monitoring\/","name":"XSS monitoring - 
Nethemba","isPartOf":{"@id":"https:\/\/nethemba.com\/de\/#website"},"datePublished":"2010-11-06T17:42:50+00:00","author":{"@id":"https:\/\/nethemba.com\/de\/#\/schema\/person\/5f4ba68c8e1a2013d30e0804245b8234"},"breadcrumb":{"@id":"https:\/\/nethemba.com\/sk\/xss-monitoring\/#breadcrumb"},"inLanguage":"sk-SK","potentialAction":[{"@type":"ReadAction","target":["https:\/\/nethemba.com\/sk\/xss-monitoring\/"]}]},{"@type":"BreadcrumbList","@id":"https:\/\/nethemba.com\/sk\/xss-monitoring\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/nethemba.com\/sk\/domov\/"},{"@type":"ListItem","position":2,"name":"XSS monitoring"}]},{"@type":"WebSite","@id":"https:\/\/nethemba.com\/de\/#website","url":"https:\/\/nethemba.com\/de\/","name":"Nethemba","description":"We care about your security","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/nethemba.com\/de\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"sk-SK"},{"@type":"Person","@id":"https:\/\/nethemba.com\/de\/#\/schema\/person\/5f4ba68c8e1a2013d30e0804245b8234","name":"Pavol Lupt\u00e1k","image":{"@type":"ImageObject","inLanguage":"sk-SK","@id":"https:\/\/secure.gravatar.com\/avatar\/978b23022518d076eaa243b375d2e0272af4f00dd502ce79cc357276d9bc2495?s=96&d=mm&r=g","url":"https:\/\/secure.gravatar.com\/avatar\/978b23022518d076eaa243b375d2e0272af4f00dd502ce79cc357276d9bc2495?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/978b23022518d076eaa243b375d2e0272af4f00dd502ce79cc357276d9bc2495?s=96&d=mm&r=g","caption":"Pavol 
Lupt\u00e1k"},"sameAs":["https:\/\/www.nethemba.com\/"],"url":"https:\/\/nethemba.com\/sk\/author\/nethemba-admin\/"}]}},"_links":{"self":[{"href":"https:\/\/nethemba.com\/sk\/wp-json\/wp\/v2\/posts\/1157","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/nethemba.com\/sk\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/nethemba.com\/sk\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/nethemba.com\/sk\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/nethemba.com\/sk\/wp-json\/wp\/v2\/comments?post=1157"}],"version-history":[{"count":0,"href":"https:\/\/nethemba.com\/sk\/wp-json\/wp\/v2\/posts\/1157\/revisions"}],"wp:attachment":[{"href":"https:\/\/nethemba.com\/sk\/wp-json\/wp\/v2\/media?parent=1157"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/nethemba.com\/sk\/wp-json\/wp\/v2\/categories?post=1157"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/nethemba.com\/sk\/wp-json\/wp\/v2\/tags?post=1157"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}