I'm diong a little rummaging around for a nearby school who said they are having a bit of trobule with their digital library system. I was recommended and said I would take an initial look at the system. Mind you if you know about infosec than this is grey box testing.
THe application I'm focusing on is alexandria v5.5.67 which is a library management and interface tool. I've found a number of pretty serious XSS and even SQLinjection errors in their coding. I believe these are new and I've reproted them to Alexandria but the problem lies within me fixing this.
I was able to give a proof of concept test on URL piping commands with the python used to drive it and a proof of concept for the login system using their poorly coded perl. I'm having a bit of trouble and I'm a little new to this. I'm attempting to do a proof of concept on their main page using their search function. I've already exploited using a basic
What I"m trying to do is actually edit the elements of a div container on the page. I've never actually used DIV's with javascript or any scripting for that matter other than Server side includes in PHP, but thats not client side and I don't know much about Javascript. What I'm looking to do is change or alter the content of a particular div, its not necessarily a div but rather a class. I'm having trouble even using javscript URL commands to get the contents of a particular Div to display.
So what happens is that I have a page that uses a Javascript tab navigation div, named 'Tabber', working perfectly. Basically it picks up HTML tags with a specific classname and after the page is loaded it creates a small portion of HTML to create the desired effect. The problem is that it only does it after the page is loaded, which I am fine with it, but before that, the contents of that same div (that come from a SQL query) are not formated and the page just breaks apart untill the document is fully loaded (my current workaround is an overflow:hidden but...it is still ugly to watch), and only then it adjusts itself due to the right CSS propreties.
Now, it would be great if I could just have a loading icon showing up inside the div while the page is not loaded, so I can manage to hide that Javascript HTML injection process.
I've read enough about email validation to know that the only real validation is having a user respond to a confirmation message you've sent them. However, I want to store the address temporarily, so I want to make sure what is entered is safe to work with.
I have a basic understanding of regexps, so I could write one that checks for a simple format like: something followed by @ followed by something followed by .. followed by something. I can also make a good guess at understanding the regexps I come across in validation schemes people have posted. However, each scheme that is posted seems to get criticized for invalidating some esoteric, but valid, addresses.
I'm wondering if there is a minimum validation you can do that will prevent basic attacks like sql injection attacks. For example, if I weed out anything with single and double quotes, and semicolons, am I barring some people unnecessarily? Seems like you'd be trying to mess with people by putting a semicolon in your email address.
I've implemented jQuery within a web application where a very large number of DOM elements, comments in this case, are injected post-load by a 'Show all' button. Returned via JSON is a HTML string of <li> elements, to be injected into a pre-existing <ul> element. I'm looking to make this more efficient, as reading various sites I've been led to believe that wrapping new elements in a parent wrapper node before injecting would yield the best speed. Here, however, I'm injecting into an <ul> element that already has elements in, so can't wrap it.
What's the most efficient way of tackling this? a) Wrap them in an element, inject, then unwrap and move into the target? b) Clone the existing <ul>, add the elements in-memory and then replace in the DOM with the consolidated version
In Chrome, the login page on my schools educational online platform [URL] doesn't remember the login info. So i made a bookmark with this javascript injection, that fills in the info, and focusses on the 'aanmelden' button (='login' in dutch), so that i only have to press enter to continue. Here's the javascript injection:
This works fine but i'd like to make it happen faster. I wish i could let the script be activated instantly when the page loads, so i only have to press enter, or if possible, let the script click the login button itself.
if i have a java interface on a website and that interface contains a box where a user enters a string and then submits it. If I wanted to rapidly submit strings from a list I had (in a text file say), how would I go about doing this?
I have looked at the source code for the interface but I don't really know java that well. There must be a way to "connect" to the interface and rapidly submit strings.
i want to ask that is it possible that using javascript injection the contents of a web page can be altered (add / edit / deleted) in Line of Code.Since, this has happened with me couple of times,talking to the support team at my hosting provider, they say that its due to the security holes in the Coding, but i think that its the security issue at the hosting side (since modifying the web pages code)i've found this code immediately after the opening of the body tagearlier the page snoofing for the above URL was working, but now its not producing the output. (so can not post whats inside it).My Another website (hosted by the same provider) is also infected. there the code immediately after the body tag is again the page snoofing yeilds no output with the error
The client we're building a site for recently had a server wide scan done by [UR] for PCI compliance. This was required by their banks commercial credit card service. The report came back with a "Possible blind sql injection" vulnerability warning level 4 out of 7 for the Superfish menu javascript. Anything 4 and above keeps them out of compliance. This file is for the Superfish menu. Is there a workaround for this potential issue?
I'm building a webpage using javascript and iframes. Basically I have an iframe in the middle of the index.html page that links to another html page (let's call it iframe.html). My question is, is it possible to call a javascript function from iframe.html to control an object on index.html? If so, how do I do this? I'd like to be able to assign an image in iframe.html with the hyperlink of href="javascript:function()", where the function effects the CSS of a div on index.html.
I have a web site which main page is index2.html I need a script that when I refresh the page it takes me to index3.html or index#.html in a random fashion. the list of index numbers is 10 so far.
I came across a very odd browser behavior when trying to modify a css class using javascript and at the same time having a base html statement in my html file.Without the base html statement, all browsers work fine and I can change the css class definition using javascript easily.With a base html statement, only FireFox still works while Internet Explorer and Google Chrome dont work anymore. If there is a cross-domain issue, while one browser does work and the others dont? An example of what I'm talking about, with the base statement:
http://freebsdcluster.org/~casaschi/tmp/example-base.html Without the base statement: http://freebsdcluster.org/~casaschi/tmp/example-nobase.html
how to tweak the code in the case with the base html statement in order for the javascript to work with all browser (modifying the class definition) ?I want to be able to manipulare css classes with javascript when a base html statement is in my html code.This is essentially the code:
When I test alert() the .html() contents it appears like this. It seems to screw up the quote escape and changes " to " ;="" after the recordchecks().[code]...
So even though the source code looks perfect, if I alert() the div contents with html() it seems to get a bit garbled in the process.
I tried to load 1 html through ajax and javascript and it worked.But i want to load more than one and i cant.I thought that it would be a good idea to put the ajax files to the external websites and put the same load button.I tried this idea but it doesn work.I can only load one external website.
I have a file that generates web galleries in Adobe Lightroom. They are generated depending on which files are selected and the metadata in those files.
Basically it is a series of pages of thumbnails called index.html index_1.html index_2.html etc.
Then a set of pages for each individual image.
An example can be seen here: [url](the page navigation links are not great, but I have addressed that, they're at the bottom >> )
Currently if a user clicks on a photo there is a 'return to thumbnails button at the top, but this always takes them to /index.html
So the user could be at a picture after browsing to /index_39.html and still get returned to /index
Is there any way I can use history.go to find the last instance of index.html Or index_x.html (where x is any number) and take them back to that instead?
Im wondering if generating html objects such as tabels and rows in javascript is faster than typing the html directly? Seems when you do it in javascript you have to download alot of code and would slow down displaying the page. while if you just type the html, it requires less bandwidth and display faster?
is parsing html to display in browser slower than doing it through dom to display the same html objects on the page?
.change() is only for form elements minus check boxes/radio buttons, etc.Are any of you aware of a script that does this already? Hopefully one that is easy to implement.I just want to monitor things like height, number of inner elements, or any change in the inner HTML.
I have been trying to get the html returned by a php script to display under a simple form.It only displays the first line. It's my fist stab at this so please forgive my ignorance.Here's the relevant code snippet:
I want to change the content of different div's using .html(). The change should be done by clicking on the inner element of the container. The content of the clicked container should be changed with the first container. My problem is, that the following code does the change, but only once. After every div has changed one time, no more reaction is shown.
Just wondering - is there some trick that allows this to be done of which I am not aware? Specifically, I would like to use XPath to query the _current_ HTML document in IE.
html() with FFOX returns html with quotes (which is standards) but when used with IE (9) it returns html without quotes. class='myCLass' vs. class=myClass. This is a problem because I want to feed that html to the TCPDF jQuery plugin and the plugin wants 'good' html.
I need to get all the TABLE HTML code within the <body> tag for a content-generating application. I'm trying to use the html() method, but it only gets the inner HTML. I also tried clone(), but does the same thing. Or maybe I'm using it wrong.
I have this normal HTML page, starts with <!DOCTYPE ...... and end with </html>, nothing special, what I need is to get every character from the beginning to the end.I've tried $("html").html(), but this cannot get the <!DOCTYPE line and also the <html> line, but only the codes inside the <html> tag, how can I get all ?
