Simple Overview About XSS


What is XSS?

XSS stands for Cross-Site Scripting.

Cross-site scripting (XSS) is a type of computer security vulnerability typically found in web applications. XSS enables attackers to inject client-side scripts into web pages viewed by other users. A cross-site scripting vulnerability may be used by attackers to bypass access controls such as the same-origin policy, because the injected script runs with the origin of the vulnerable site and can therefore read its cookies, DOM and responses.

Cross-site scripting refers to a client-side code injection attack in which an attacker injects malicious scripts (commonly referred to as a malicious payload) into a legitimate website or web application, so that they execute in the browsers of other users. XSS is among the most common web application vulnerabilities and occurs when a web application includes unvalidated or unencoded user input in the output it generates.

By leveraging XSS, an attacker does not target a victim directly. Instead, the attacker exploits a vulnerability in a website or web application that the victim visits, essentially using the vulnerable website as a vehicle to deliver a malicious script to the victim's browser.

Step-by-step walkthrough of a simple XSS attack:

The following pseudo-code displays the most recent comment on a web page. The third line emits the stored comment exactly as it was submitted, without HTML-encoding it, which is the flaw:

print "<html>"
print "<h1>Most recent comment</h1>"
print database.latestComment    # vulnerable: untrusted input is written into the page unencoded
print "</html>"

Video for XSS

posted Dec 28, 2016 by Manish Tiwari

nice and good


Related Articles

What is HeidiSQL?

HeidiSQL, previously known as MySQL-Front, is a free and open source client, or frontend for MySQL (and for its forks like MariaDB and Percona Server), as well as Microsoft SQL Server and PostgreSQL.

HeidiSQL is a useful and reliable tool designed for web developers using the popular MySQL server, Microsoft SQL databases and PostgreSQL. It enables you to browse and edit data, create and edit tables, views, procedures, triggers and scheduled events. Also, you can export structure and data either to SQL file, clipboard or to other servers.

On 64-bit Windows, if you have a 32-bit version installed in C:\Program Files (x86)\..., the 64-bit version is installed separately and can be uninstalled separately. You should uninstall the 32-bit version in that case.

HeidiSQL runs fine on Windows XP, Vista and 7. Running HeidiSQL on Wine/Linux also works fine.

On Windows 2000 you might run into an "illegal function call into KERNEL.DLL" error, which is caused by the newer libmysql.dll that dropped Windows 2000 support. You can fix that by placing an older libmysql.dll into the HeidiSQL directory, overwriting the original.

HeidiSQL does not run on Windows 95/98 or ME, as the Unicode extensions are not available on these systems.

Features:

  • Free for everyone, open source, with 9 years of active development.
  • Connect to multiple servers in one window
  • Connect to servers via commandline
  • Connect via SSH tunnel, or pass SSL settings
  • Create and edit tables, views, stored routines, triggers and scheduled events.
  • Generate nice SQL-exports, compress these afterwards, or put them on the clipboard.
  • Export from one server/database directly to another server/database
  • Manage user-privileges
  • Import text-files
  • Export table rows as CSV, HTML, XML, SQL, LaTeX, Wiki Markup and PHP Array
  • Browse and edit table-data using a comfortable grid
  • Bulk edit tables (move to db, change engine, collation etc.)
  • Batch-insert ascii or binary files into tables
  • Write queries with customizable syntax-highlighting and code-completion
  • Pretty reformat disordered SQL
  • Monitor and kill client-processes

Video for HeidiSQL

https://www.youtube.com/watch?v=BTz6wYVxPfI 


What is JSX?

JSX is a preprocessor step that adds XML-like syntax to JavaScript. You can use React without JSX, but JSX makes React code a lot more readable. Just like XML, JSX tags have a tag name, attributes, and children.

Note that the name JSX is also used by an unrelated project: a statically-typed, object-oriented programming language that compiles to JavaScript and is designed to run on modern web browsers. The first two features below describe that language, not React's JSX syntax.

Features

  • JSX (the language) is faster because it performs optimization while compiling code to JavaScript.
  • It is also type-safe, and most errors can be caught during compilation.
  • JSX (React's syntax) makes it easier and faster to write templates if you are familiar with HTML.

Simple Example

import React from 'react';

class App extends React.Component {
   render() {
      return (
         <div>
            <h1>Header</h1>
            <h2>Content</h2>
            <p>This is the content!!!</p>
         </div>
      );
   }
}

export default App;

Video for JSX

https://www.youtube.com/watch?v=xFETH5O7z-A


What is Angular CLI?

Angular CLI is a command line interface for scaffolding and building Angular apps using Node.js-style (CommonJS) modules. Not only does it provide a scalable project structure, it also handles the common tedious tasks for you out of the box.
The Angular 2 CLI makes it easy to create an application that already works, right out of the box.

npm command:

npm install -g angular-cli

Features

  • Built with BrowserSync: Reload on saves
  • Automatically routed for us
  • Found in the browser at http://localhost:4200
  • Simplicity and ease-of-mind 

Angular-CLI supports all major CSS preprocessors:

  • sass/scss (http://sass-lang.com/)
  • less (http://lesscss.org/)
  • stylus (http://stylus-lang.com/)

Video for Angular Cli

 https://www.youtube.com/watch?v=QMQbAoTLJX8


What is Node BB?

NodeBB Forum Software is powered by Node.js and built on either a Redis or MongoDB database. It utilizes web sockets for instant interactions and real-time notifications. NodeBB has many modern features out of the box such as social network integration and streaming discussions, while still making sure to be compatible with older browsers.

NodeBB integrates into your existing website and social media networks, allowing you to maximize your outreach and establish close relationships with your users.

NodeBB is next generation forum software. It's powerful, mobile-ready and easy to use.

Features

  • Grow Your Community
  • Modern Design
  • Control Everything
  • Cloud Integrations
  • Extensibility


Node BB Requirements

NodeBB requires the following software to be installed:

  • A version of Node.js at least 4 or greater
  • Redis, version 2.8.9 or greater or MongoDB, version 2.6 or greater
  • nginx, version 1.3.13 or greater (only if intending to use nginx to proxy requests to a NodeBB) 

Video for Node BB

https://youtu.be/uwgdWPeVuJE


What is TortoiseHg?

TortoiseHg is a set of graphical tools and a shell extension for the Mercurial distributed revision control system. On Windows, TortoiseHg consists of a shell extension, which provides overlay icons and context menus in your file explorer, and a command line program (hgtk.exe in older releases, thg in current ones) which can launch the TortoiseHg tools.

TortoiseHg is a Windows shell extension and a series of applications for the Mercurial distributed revision control system. It also includes a Gnome/Nautilus extension and a CLI wrapper application so the TortoiseHg tools can be used on non-Windows platforms.

TortoiseHg is a GUI front-end for Mercurial that runs on Microsoft Windows (where it integrates directly with File Explorer), Mac OS X, and Linux.

Features

  • Repository explorer
  • Commit dialog
  • Support for visual diff/merge tools.
  • Data mining on repository contents
  • Seamless support for serving a repository via Mercurial's integrated web interface.
  • Repository synchronization
  • Intuitive GUI for managing Mercurial settings​

Supported Platforms

Microsoft Windows XP, Vista, 7, 8.1, and 10
Command line support via thg
Mac OS X port via source install
Gnome/Nautilus integration


As with TortoiseSVN, we recommend turning off the indexing service on the working copies and repositories, and excluding them from virus scans.

Video for TortoiseHg

https://www.youtube.com/watch?v=wqU9MFplgrQ


What is the Protractor Framework in AngularJS?
Protractor is an open source end-to-end (E2E) functional test automation framework designed specifically for AngularJS web applications. It was introduced during AngularJS 1.2 as a replacement for the existing E2E testing framework.

Protractor is an end-to-end test framework for AngularJS applications. Protractor runs tests against your application running in a real browser, interacting with it as a user would.

Protractor is a Node.js program, and runs end-to-end tests that are also written in JavaScript and run with node. Protractor uses WebDriver to control browsers and simulate user actions.

Protractor uses Jasmine for its test syntax. As in unit testing, a test file is comprised of one or more it blocks that describe the requirements of your application. it blocks are made of commands and expectations. Commands tell Protractor to do something with the application such as navigate to a page or click on a button. Expectations tell Protractor to assert something about the application's state, such as the value of a field or the current URL.

If any expectation within an it block fails, the runner marks the it as "failed" and continues on to the next block.

 

Node Code Setup

npm install -g protractor

This will install two command line tools, protractor and webdriver-manager. Try running protractor --version to make sure it's working.

The webdriver-manager is a helper tool to easily get an instance of a Selenium Server running. Use it to download the necessary binaries with:

webdriver-manager update

Now start up a server with:

webdriver-manager start

This will start up a Selenium Server and will output a bunch of info logs. Your Protractor test will send requests to this server to control a local browser. You can see information about the status of the server at http://localhost:4444/wd/hub.​

Simple Example Test

describe('TODO list', function() {
  it('should filter results', function() {

    // Find the element with ng-model="user" and type "jacksparrow" into it
    element(by.model('user')).sendKeys('jacksparrow');

    // Find the first (and only) button on the page and click it
    element(by.css(':button')).click();

    // Verify that there are 10 tasks
    expect(element.all(by.repeater('task in tasks')).count()).toEqual(10);

    // Enter 'groceries' into the element with ng-model="filterText"
    element(by.model('filterText')).sendKeys('groceries');

    // Verify that now there is only one item in the task list
    expect(element.all(by.repeater('task in tasks')).count()).toEqual(1);
  });
});

 

Video for Protractor E2E

https://www.youtube.com/watch?v=idb6hOxlyb8
