New to pentesting. I ran a vulnerability analysis that points the application that I am testing has quite a few xss vulnerability.
Now how to proceed from here?
Report Screenshot
Source Code :
if(Name !=null)
{
if(Name.equals(server))
{
String appName = request.getParameter("appName");
if(appName !=null && appName.equals(CommonUtil.getProductName()))
{
message = addProductDetails(request, productName, message);
}
}
else if(Name.equalsIgnoreCase(test))
{
ADSMPersUtil.updateSyMParameter("IS_INTEGRATED", "true");
message = "Successfully Integrated";//No I18N
}
else{message = addProductDetails(request, productName, message);}
}
PrintWriter out = response.getWriter();
response.setContentType("text/html");//No I18N
out.println(message);
out.close();
}
catch(Exception e){e.printStackTrace();}
}
If message is not HTML, then it needs to be HTML encoded before being inserted into a HTML stream. Characters like <, >, ", ', & need to be converted to their corresponding HTML entities.
With JSP, then the <c:out> tag does this encoding, and other templating languages have similar ways of doing this.
When writing to the OutputStream directly from Java, then you can use Java methods to do the escaping. See: Recommended method for escaping HTML in Java
If message is already HTML, then the code that generates the HTML similarly needs to escape any data values inserted within it.
With constant strings that don't contain any of these special characters, then you can treat it as a HTML string, or a plain-text string. It's more robust to escape these Strings anyway when outputting them, which prevents any XSS issues from being introduced if the strings change in the future, especially if they're being created in other methods.
Related
I CANNOT ALTER THE JSON RESPONSE, SHOWN BELOW.
I want to be able to detect when the POST message was successfully entered into the database. When the data is successfully entered the response is:
{"status":"success","message":"successfully inserted"}
I want to then use an if-else statement in Arduino to detect when this is received from the server. So my code will look something like this:
while(client.available())
{
String line = client.readStringUntil('\n');
Serial.print(line);
Serial.print("\n");
if(line == "{"status":"success","message":"successfully inserted"}")
{
update_var++;
Serial.print("SUCCESSFUL");
break;
}
else
{
Serial.print("UNSUCCESSFUL");
}
}
However, a problem immediately arises in the if statement. This is due to the quotation marks also appearing in the string. How do I use an if-else statement when receiving JSON response?
This just requires escaping if you're testing literally:
if (line == "{\"status\":\"success\",\"message\":\"successfully inserted\"}")
Keep in mind this could just as easily have the keys swapped, there's no guarantee they'll be in that order. This is why using a proper JSON parser is imperative.
I recommend using a JSON library for parsing JSON but if that's not an option, I recommend comparing your String with a raw string literal (option 6 in the link) to avoid escaping of any character:
if(line == R"aw({"status":"success","message":"successfully inserted"})aw") {
// ...
}
Hello I want to extract JSON from below input string.
I have tried bellow regex in java and it is working fine,
private static final Pattern shortcode_media = Pattern.compile("\"shortcode_media\":(\\{.+\\})");
I want in regex for dart.
Input String
<script type="text/javascript">window.__initialDataLoaded(window._sharedData);</script><script type="text/javascript">window.__additionalDataLoaded('/p/B9fphP5gBeG/',{"graphql":{"shortcode_media":{"__typename":"GraphSidecar","id":"2260708142683789190","shortcode":"B9fphP5gBeG","dimensions":{"height":1326,"width":1080}}}});</script><script type="text/javascript">
<script type="text/javascript">window.__initialDataLoaded(window._newData);</script><script type="text/javascript">window._newData('/p/B9fphP5gBeG/',{"graphql":{"post":{"__typename":"id","id":"2260708142683789190","new_code":"B9fphP5gBeG"}}});</script><script type="text/javascript">
(function(){
function normalizeError(err) {
var errorInfo = err.error || {};
var getConfigProp = function(propName, defaultValueIfNotTruthy) {
var propValue = window._sharedData && window._sharedData[propName];
return propValue ? propValue : defaultValueIfNotTruthy;
};
return {}
}
)
Expected json
{"graphql":{"shortcode_media":{"__typename":"GraphSidecar","id":"2260708142683789190","shortcode":"B9fphP5gBeG","dimensions":{"height":1326,"width":1080}}}}
Note: There are multiple json string in input string, i need json of shortcode_media tag
please use
void main() {
String json = '''
{"graphql":
{"shortcode_media":{"__typename":"GraphSidecar","id":"2260708142683789190","shortcode":"B9fphP5gBeG","dimensions":{"height":1326,"width":1080}}},
"abc":{"def":"test"}
}
''';
RegExp regExp = new RegExp(
"\"shortcode_media\":(\\{.+\\})",
caseSensitive: false,
multiLine: false,
);
print(regExp.stringMatch(json).toString());
}
output
"shortcode_media":{"__typename":"GraphSidecar","id":"2260708142683789190","shortcode":"B9fphP5gBeG","dimensions":{"height":1326,"width":1080}}}
Dartpad
The corresponding Dart RegExp would be:
static final RegExp shortcodeMedia = RegExp(r'"shortcode_media":(\{.+\})");
It does not work, though. JSON is not a regular language, so you can't parse it using regular expressions.
The value of "shortcode_media" in your example JSON ends with several } characters. The RegExp will stop the match at the third of those, even though the second } is the one matching the leading {. If your JSON text contains any further values after the shortcode_media entry, those might be included as well.
Stopping at the first } would also be too short.
If someone reorders the JSON source code to the equivalent
"shortcode_media":{"dimensions":{"height":1326,"width":1080},"__typename":"GraphSidecar","id":"2260708142683789190","shortcode":"B9fphP5gBeG"}
(that is, putting the "dimensions" entry first), then you would only capture until the end of the dimensions block.
I would recommend either using a proper JSON parser, or at least improving the RegExp to be able to handle a single nested JSON object - since you seem to already know that it will happen.
Such a RegExp could be:
RegExp(r'"shortcode_media":(\{(?:[^{}]*(?:\{.*?\})?)*?\})')
This RegExp will capture the correct number of braces for the example code, but still won't work if there are more nested JSON objects. Only a real parser can handle the general case correctly.
Well i'm a student , and i'm still learning the dart language and the flutter framework, I was trying to make an application that makes you able to login into a site with a http post request and get data by manipulating the response of the html source code with some regular expressions to get what you need from the website,
(something like data scraping)
I tried to do that but nothing worked as planned.
I did this project! years ago and it was for desktop, with vb.net, I used a library called xNet which helped me to do that.
For this case I used the http dart package.
Is this kind of work can be done with dart?
Is there any specific packages for this?
Is there any docs available ?
I know html is not a regular language, i asked if it is possible to use http requests to login into a site!?
if i can do that i can manipulate the response and get what i need with some regular expressions.
I wanna do something like
C#
using (HttpRequest req = new HttpRequest())
{
req.UserAgent = Http.ChromeUserAgent;
req.Cookies = new CookieDictionary(false);
req.Proxy = null;
req.IgnoreProtocolErrors = true;
req.AddParam("login", cin.Text);
req.AddParam("no_anti_inject_password", pass.Text);
try {
string Respo = req.Post("http://www.example.com/login.php").ToString;
// to with that 'Respo'
if (Respo.Contains("disconnect"))
{
//Logged
//example
Match NAME = Regex.Match(Respo, "(.*?)");
name.Text = "Name: " + NAME.Groups(1).Value;
}else{
//not logged
//some code...
}
catch{
//some exception
}
}
HTML is not a regular language and so a regular expression is not a good way to scrape data from html. You may be interested in package:html which implements an HTML parser.
I'm retrieving a list of Work Items using the VSTS API and would like to display them on my web app. I can successfully return a list of the work items in the format below:
{"count":1,"value":[{"id":246,"rev":4,"fields":{"System.Id":246,"System.State":"New","System.Title":"test1"},"url":"https://example.visualstudio.com/_apis/wit/workItems/246"}]}
I have tried a regular expression to get the values from this HTTP response with the following code:
HttpResponseMessage getWorkItemsHttpResponse = client.GetAsync("_apis/wit/workitems?ids=" + ids + "&fields=System.Id,System.Title,System.State&asOf=" + workItemQueryResult.asOf + "&api-version=2.2").Result;
if (getWorkItemsHttpResponse.IsSuccessStatusCode)
{
result = getWorkItemsHttpResponse.Content.ReadAsStringAsync().Result;
// Regular expression to extract work item values to display
string parseWI = result.ToString();
var match = Regex.Match(parseWI, "\"System.ID\": (.*)");
workItemsToDisplay = (match.Groups[1].Value);
}
}
}
}
return workItemsToDisplay;
}
This is refusing to return anything though and leaves the textbox I display the workItemsToDisplay in empty. I'm not familiar with regular expressions and i'm sure this is where the issue stems from. Not sure if Microsoft already has sample code to construct a display of Work Items from the response.
Don't use a regex. That's JSON, use a JSON parsing library (JSON.Net is the de facto standard in the .NET world) and then you can easily retrieve specific fields.
I'm storing the page content in a database table. The page content also includes some CF variables (for example "...this vendor provides services to #VARIABLES.vendorLocale#").
VARIABLES.vendorLocal is set on the page based on a URL string.
Next a CFC is accessed to get the corresponding page text from the database.
And this is then output on the page: #qryPageContent.c_content#
But #VARIABLES.vendorLocale# is showing up as is, not as the actual variable. Is there anyway to get a "variable within a variable" to be output correctly?
This is on a CF9 server.
If you have a string i.e.
variables.vendorLocal = 'foo';
variables.saveMe = 'This is a string for supplier "#variables.vendorLocal#'"' ;
WriteOutput(variables.saveMe); // This is a string for locale "foo"
then coldfusion will attempt to parse that to insert whatever variable variables.vendorLocale is. To get around this, you can use a placeholder string that is not likely to be used elsewhere. Commonly you'll see [[NAME]] used for this purpose, so in this example
variables.saveMe = 'This is a string for supplier "[[VENDORLOCALE]]'"' ;
WriteOutput(variables.saveMe); // This is a string for supplier "[[VENDORLOCALE]]"
Now you've got that you can then later on replace it for your value
variables.vendorLocal = 'bar';
variables.loadedString = Replace(variables.saveMe,'[[VENDORLOCALE]]',variables.vendorLocal);
WriteOutput(variables.loadedString); // This is a string for locale "bar"
I hope this is of help
There are lots of reasons storing code itself in the database is a bad idea, but that's not your question, so I won't go into that. One way to accomplish what you want is to take the code you have stored as as string, write a temporary file, include that file in the page, then delete that temporary file. For instance, here's a little UDF that implements that concept:
<cfscript>
function dynamicInclude(cfmlcode){
var pathToInclude = createUUID() & ".cfm";
var pathToWrite = expandPath(pathToInclude);
fileWrite(pathToWrite,arguments.cfmlcode);
include pathToInclude;
fileDelete(pathToWrite);
}
language = "CFML";
somecfml = "This has some <b>#language#</b> in it";
writeOutput(dynamicInclude(somecfml));
</cfscript>