Monday, 23 July 2012
Parse XSL file into HTML by JAVA code
Sunday, 22 July 2012
Thursday, 19 July 2012
Tutorial on XSS
XSS (cross-domain) call using AJAX:-
1. For XML files:-
String.prototype.crossDomainXMLURL = function () {
    // Percent-encode the target URL so it can sit inside the YQL query string.
    // replace() with a string pattern changes only the first match.
    var url = encodeURI(this);
    url = url.replace(":", "%3A");
    url = url.replace("//", "%2F%2F");
    url = url.replace("/", "%2F");
    // YQL query: select * from xml where url="<target>"
    url = "http://query.yahooapis.com/v1/public/yql?q=select%20*%20from%20xml%20where%20url%3D%22" + url + "%22&diagnostics=true";
    return url;
};
2. For JSON response:-
String.prototype.crossDomainJSONURL = function () {
    // Same encoding as above; the query reads from the json table and asks for JSON output.
    var url = encodeURI(this);
    url = url.replace(":", "%3A");
    url = url.replace("//", "%2F%2F");
    url = url.replace("/", "%2F");
    // YQL query: select * from json where url="<target>"
    url = "http://query.yahooapis.com/v1/public/yql?q=select%20*%20from%20json%20where%20url%3D%22" + url + "%22&diagnostics=true&format=json";
    return url;
};
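JAVA CODE FOR XSS:-
// Needs Commons HttpClient 3.x: org.apache.commons.httpclient.HttpClient, HttpMethod, methods.GetMethod
// "*" lets script on any origin read this response.
response.setHeader("Access-Control-Allow-Origin", "*");
response.setContentType("application/xml");
HttpClient client = new HttpClient();
// rqurl is the remote URL to fetch; if it comes from the request, check it against an allow-list first.
HttpMethod method = new GetMethod(rqurl);
client.setConnectionTimeout(20000); // connect timeout in ms
client.setTimeout(20000);           // socket read timeout in ms
try {
    client.executeMethod(method);
    // Return the body with CR, LF and TAB characters removed.
    return method.getResponseBodyAsString().replaceAll("\r", "").replaceAll("\n", "").replaceAll("\t", "");
} finally {
    method.releaseConnection(); // always return the connection, even on error
}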
HEADERS:-
X-Frame-Options
Access-Control-Allow-Origin
Further Reading:-
http://blog.whitehatsec.com/category/web-application-security/
http://blog.whitehatsec.com/x-frame-options-xfo-detection-from-javascript/#comment-392
Monday, 2 July 2012
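Database
"How to find duplicate records in an Oracle database"
-- Select only the grouping keys (select * is not valid with group by).
select key1, key2, ..., keyN, count(*)
from table
group by key1, key2, ..., keyN
having count(*) > 1;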
http://www.dba-oracle.com/t_delete_duplicate_table_rows.htm