OK, I start with a very simple method:
alert(someText);
"someText" is a variable, which users will pass a value in by a form.
Will there be a chance that the user passes the following text, and injects some code in my JavaScript?
For example, can the user pass this in this method:
"anotherText"); alert("the nextText"
If so, how can I prev...
How do you elevate user rights to root using the Authorization API so that it is possible to use mach_inject?
...
Given an assembly with an entry point like:
int FooClass::doFoo(int x, double y)
{
int ret;
// Do some foo
return ret;
}
Is it possible to use yet another assembly to simulate something like:
int FooClass::doFoo(int x, double y)
{
int ret;
TRACE_PARAM_INT(x)
TRACE_PARAM_DOUBLE(y)
// Do some foo
TRACE_RETURN_IN...
I plan on creating a toy application to play games. Is it possible to capture game data from another application's frame? I know this is traditionally done using a low-level language and using DLL injection, but I was wondering if this is possible to do from a high-level language?
...
I have a class that stores paths to CSS and Javascript files in arrays. This class also compiles my final page HTML output (which is stored in an $output variable). I want to loop through my $css and $js arrays and inject HTML at specific points in $output. The CSS files would need to go right before </head> and the JS files would need t...
An HTML template is passed to ColdFusion. The head tag of the template has an additional attribute:
<head profile="http://abc.com">
The issue is that when generating the output based on this template, ColdFusion injects its scripts inside the head tag:
<head <script type="text/javascript" src="/CFIDE/scripts/cfform.js"></script>
<scri...
I wish to write a utility to auto-hide the menu bar, much like the dock. This would
replicate the OS X 10.4-only application "Menufela", but for Snow Leopard.
[[NSApplication sharedApplication]
setPresentationOptions: NSApplicationPresentationAutoHideMenuBar
| NSApplicationPresentationAutoHideDock]...
I have this code in a page that includes other files via GET request:
$page = strtolower($_GET['page']);
if(!$page or !$allow[$page] or $page == 'home') {
header("Location: home.php");
}
where $allow is a hardcoded array which contains a list of the allowed strings that are valid files to be included. Am I missing something obvi...
Hi,
Nowadays you can read much about code injection, exploits, buffer, stack and heap overflows etc. leading to injecting and running code. I wonder which of this stuff is relevant for Java.
I know, there are no pointers in the Java language. But doesn't the JVM organize data in heaps and / or stacks?
I know there is no eval function (like ...
I am building a C++ (Qt) based application for controlling a Flash-based UI. Because the Flash runtime leaks spectacular amounts of memory, we execute the UI as a .swf loaded in the standalone Flash player, separate from the command-and-control app written in C++.
The C++ starts the flash player as an external process with appropriate par...
I am using jQuery to get a count of child elements within a parent div.
$('#slideshow > div').size()
Then using append(), I'd like to inject the number of div elements that are in #slideshow into another div called .mainImageBrowserTabButtonWrapper
Any help on this would be appreciated.
EDIT
I realize my initial question didn't ...
My Joomla! website has been repeatedly hacked into. Someone, somehow, managed to inject the following rubbish into the key php scripts, but I mean not to talk about configuring Joomla. The site is not visited much (at times I fear I might be the only visitor to that site...) and I don't care much to have the site back up and running. I'l...
Recently I ran across a blog article about using PHP scripts to redirect affiliate links. It got me thinking whether this script was safe or not. I've heard that using the $_GET variable can lead to a vulnerability.
Any suggestions would be appreciated. Would checking the input for alphanumerics and the hyphen ('-') be enough to guar...
Hello, community!
Once in a while we get registrations on our website similar to this one. (This is a transcript of an email notification):
New User Registration
FirstName: cowdqd
LastName: cowdqd
Company: nWJrFxUitwFMbnK
Email: [email protected]
Phone: oCFsfSHolrnx
Fax: -152
AddressLineOne: xRQgqnCOJkkoA
AddressLineTwo: obsDvktXDL
City...
What should be considered to prevent injection in request forms?
E.g.: using reCAPTCHA, preventing SQL injections, etc. What other items should be considered?
...
I've been unable to find any info on this, which seems like it could be the only way to solve a past unanswered question of mine on SO. However, I think this should really be a separate question now.
I am wondering if there is a way to dynamically redefine an ICommand-derived class's CanExecute method. I'm still new to .NET and perhap...
Hello,
I need to know whether all Win32 exe functions or class member functions are contained inside the export table of that Win32 exe (PE file). If not, then how and where would I be able to get all this information? (I know the PE file format and all its sections and know what those sections contain, but still need help with how to procee...
Hi everyone.
This is probably something I should be able to figure out by myself, but I'm not having much luck so I figured I'd ask.
The issue: I'm translating a system from java to C# and they use a java framework that I'd really like to use, since it takes care of the most complex parts of the system, which I would otherwise have to ...
Hello colleagues!
Googling today, I couldn't find a sample or mention of best practice: how to escape user input in Struts2.
Of course I can manually convert characters in the validate() method, but it looks too obvious. So maybe some automation exists to avoid code/script injection?
...
One day after managing to defend against a massive DDoS attack, http://arabcrunch.com has now been hacked by someone who seems to change the post titles into a Viagra ad on the Google search engine. Look how they damaged us:
.google.com/search?hl=en&client=safari&rls=en&q=Viagra+Online+Pharmacy+-+Buy+Online+Viagra%2C+Cialis%2C+Levitra+wordpress+hack...