Hi,
I'm using Greasemonkey to inject a script into every page that loads in my browser. The problem that I'm facing now is that, if the browser moves from one page to another within the same domain, Greasemonkey doesn't inject my script again. For example,
I'm at google.com, so when my browser loads this page, my script is injected. Now,...
I'd like to enable users to leave rich text comments, possibly using markdown. I've installed the libraries used on Reddit, but am concerned about the javascript injection attack which occurred last year, especially since I'm still not clear on the details of how the attack was done. Should I still be concerned about comment security? Is...
I need to solve a problem with javascript injection in a form textarea and fields
script type='text/javascript'
window.location='http:site.com';
/script
or
a href='javascript:...'
or
form action...
or
input name...
but I preserve some HTML tags, for example a, b, ul... is this possible?
...
Last year a user managed to inject arbitrary javascript into reddit's markdown syntax. Can someone explain how this was done and how I can test whether my site is similarly vulnerable?
...
What should be considered to prevent injection in request forms?
e.g.: using reCAPTCHA, preventing SQL injections, etc. ... what other items should be considered?
...
idea
Via jQuery, I was able to mark all :first-child and :last-child elements in the document (well, almost all :)) with class first, which I could later style (i.e. first li in ul#navigation would be easily addressable as ul#navigation .first).
I used the following code:
var $f = $('*:first-child')
$f.addClass('first');
var $l = $('b...
Hi,
I read in a source that Chrome, when it goes to a domain, prefetches most of the pages that might be used for that domain. As a result of this, I'm facing a problem. I have a Greasemonkey script which is to be injected in every page. But what seems to happen is that the browser injects the script for the first page in a domain an...
I am working on XPath injection attacks, and am looking to build a tool to detect XPath injection in a website. Is web crawling and scanning used for this?
What can be the logic to detect it?
Are there any open source tools to detect it, so that I can develop it in Java by looking at the logic used in that code?
...
I got this from for a login form tutorial:
function sanitize($securitystring) {
$securitystring = @trim($str);
if(get_magic_quotes_gpc()) {
$securitystring = stripslashes($str);
}
return mysql_real_escape_string($securitystring);
}
Could someone explain exactly what this does? I know th...
I am trying to inject into a DLL that sends a void ** for one of the parameters.
The void ** can contain structs that are created in the application.
Is there any way of getting data out of the structs?
...
I've read various sources but I'm unsure how to implement them into my code. I was wondering if somebody could give me a quick hand with it? Once I've been shown how to do it once in my code I'll be able to pick it up I think! This is from an AJAX autocomplete I found on the net, although I saw something to do with it being vulnerable to...
Hello
We are using
Seam 2.2.0
Java 1.6.14
Weblogic 10.3.1.0 (named 11g Doh!)
I have looked at
Seam reference
Seam in action
These web pages
However I still do not understand how to inject an EJB3 bean into a JSF backing bean. It seems to me that I have to (correct me if I am wrong)
Annotate with @Name my backing bean
Annotate...
Hello everyone,
I have a question about ruby on rails and the process of assigning variables using the params variable passed through a form
class User
attr_accessible :available_to_admins, :name
end
Let's say that I have a field that is only available to my admins. Assuming that you are not an admin, I am going to not display the a...
is it possible to inject a service reference into custom type converter?
my situation is quite typical in fact, I have a combo, which binds to collection of entities. On submit I get only an ID of selected entity and have to refetch the real object in my action. I was thinking about more elegant way to do this, and it seems like making ...
Hello,
I am using Seam with JBoss AS.
In my application I have a SLSB which is also declared as a seam component using the @Name annotation. I am trying to inject and use this SLSB in another seam component using the @In annotation.
My problem is that sometimes Seam injects the local interface (then the code runs fine) and sometimes ...
Hi, yesterday I noticed that sometimes JavaScript errors show up on my webpage.
When I went to the source code, I found that one of the .js files was totally replaced with a ton of porn links.
I checked the FTP for this file, but there was just the old JavaScript file without any changes.
Yet I go back to check the source code via browser and indeed th...
I want to store php code inside my database and then use it into my script.
class A {
public function getName() {
return "lux";
}
}
// instantiates a new A
$a = new A();
Inside my database there is data like
"hello {$a->getName()}, how are you ?"
In my php code I load the data into a variable $string
$string = loa...
We are building an application which utilizes LDAP via PHP, and I got to thinking: is there anything you can do with injecting into LDAP, and better yet, how does one protect against LDAP injections?
...
Hi, I need to post a form loaded in UIWebView (iPhone SDK/Objective-C) through JavaScript injection. I used document.form.submit(), which is not working. Plz Plz help....
...
Hey guys
I have a site written in PHP utilizing PDO. I am using the bindParam() function to bind to a SQL insert query:
("insert into Table (id, date, data) VALUES (?, ?, ?)")
but I am able to insert a string containing
"<script>window.location="google.com"</script>"
How to prevent this?
Thanks!!!
...