Need a bit of help on XSS - xss

I am trying to execute an XSS on a website, but when I insert the following
< and > (less than and greater than signs)
It changes to:
❮ and ❯
I have tried the following attributes from https://www.owasp.org/index.php/XSS_Filter_Evasion_Cheat_Sheet
When I insert the attributes from OWASP, I would still get ❮ and ❯, so that wasn't helpful.
Would anyone be able to give me more insight on this? Please and thanks.
I am just looking to bypass < and > - that's all.
Some information on the website: It's HTML5. (If that helps)

Related

How can I fix the internal error in Django?

I don't have a lot of experience in Django and I am a fairly green developer. When I run the localhost I keep getting an Internal Error. I have tried most of the solutions to similar problems here and none of them works. Can anyone help me? The code is not mine so I don't want to alter it as such either.
Here is a picture of the errors I keep getting:
The only thing you can do without altering the code is to enter the value "shop_all_art" in the HomePage table in the database.
Do not share code via images. You should also share the related code.
Your stack trace clearly says that Python is not able to access the first element of HomePage.objects.filter(value='shop_all_art') in file bidgala/bidgala/pages/views.py. all_art_img is most probably empty.
Looks like all_art_img is empty.
You should check whether a query has any elements first, with a method such as
    if all_art_img.exists():
        all_art_img[0]

How to save an array of text in PostgreSQL using Django model?

I am trying to save an array of text containing category types for a hotel system which looks something like this ['category-1', 'category-2', 'category-3', 'category-4']. I am using category_type = ArrayField(models.CharField(max_length=200),null=True) in my models.py.
The error I get is
malformed array literal: "" LINE 1: ..., '{category-1,
category-2}'::varchar(200)[], ''::varcha...
^ DETAIL: Array value must start with "{" or dimension information.
The error persists even after processing the Python list from ['category-1', 'category-2', 'category-3', 'category-4'] to {category-1, category-2, category-3, category-4}.
I have gone through the PostgreSQL documentation and have found very limited help.
https://pganalyze.com/docs/log-insights/app-errors/U114 is something similar to the problem I am facing.
Could someone please tell me what I am doing wrong? Any help would be appreciated.
EDIT:
Following is in my View.py
hotel_category=categoryTable(category_type=categorytype)
hotel_category.save()
and I am using categorytype=request.POST.getlist('category-type') in my Views.py to get it from the POST request after the user submits the form. This returns the Python list that I have mentioned above. I have manipulated this list to match the PostgreSQL ArrayField with '{','}' but I still have this error. If there is anything else you would like me to add, please let me know. :)
This is an update/answer to my question for anyone who faces this issue in the future. After struggling to find help from different resources, I decided to use a JSON string to store my Python list.
I am using:
categorytype = json.dumps(request.POST.getlist('category-type'))
to encode and using JSONDecoder() to fetch from the database and decode. I have no idea how this would impact my further development, but for now it seems a decent approach since personally I think ArrayFields are not well supported and documented in Django.
I will keep this post updated as I progress further on how this approach has impacted my development.
Have a nice day.

OpenCart 2.2 error undefined when viewing order info

When I click the view button next to an order (whether from the dashboard or orders page) I get an "error undefined" alert as the page is loading.
I also get the same error when I try and change the order status from the same page and it yields no results.
It also produces no errors in the error log.
I can however change the order status from the edit order page but this is very inconvenient.
If anyone knows a common solution or maybe pointers as to how to start diagnosing the issue please post them here. I've been hunting for answers most of the day and have had no luck with any solutions.
ty in advance.
If you are using SSL, try this in upload/admin/controller/sale/order.php
After
$data['store_name'] = $order_info['store_name'];
Remove
$data['store_url'] = $this->request->server['HTTPS'] ? preg_replace("/^http:\/\//", "https://", $order_info['store_url']) : $order_info['store_url'];
Add
$data['store_url'] = $this->request->server['HTTPS'] ? HTTPS_CATALOG : HTTP_CATALOG;
Unfortunately OpenCart 2.2.0.0 is known to be a bit buggy.
Best thing would be to start using 2.3.0.2 (avoid 2.3.0.0 and 2.3.0.1) if possible.

Mongoid 4 finding embedded documents by ID

I have a project that is my first serious dive into Mongoid.
I saw a tip to use the following command:
Parent.where('childrens._id' => Moped::BSON::ObjectId(params[:id])).first
But this doesn't work. Error message was:
NameError: uninitialized constant Moped::BSON
I found that BSON is no longer included, so I added it to my Gemfile, as well as Moped. Then, I did another fix I found (placing Moped::BSON=BSON in application.rb).
This still didn't work, but the error changed to:
NoMethodError: undefined method `ObjectId' for BSON:Module
So I am assuming that this method got deprecated or something. Does anyone have any other tips?
Just to be clear, I am finding myself in the situation where I want to sort embedded documents using jquery-sortable. This requires me to update them in the database, but the serialize from that doesn't include the parent document in the hash. So I figured I'd try to get it on the back end using an ID from the embedded document. That is why I need it.
Thanks again for any help you can provide.
Try simply:
Parent.where('childrens._id' => params[:id]).first
I have solved the question though this won't be of much help to people in the future. The requirements have changed and now I am using human-readable strings as IDs to assist in friendly URLs and some other stuff.
Therefore, I don't have any issues with ObjectIds. Cortex's solution should (from what I have read) work for dealing with ObjectIds but I cannot verify it now.

apache solr auto suggestions

I use solr+django-haystack
I set settings.HAYSTACK_INCLUDE_SPELLING = True
and rebuild index
I'm trying to get any suggestion using:
SearchQuerySet().auto_query('tryng ani word her').spelling_suggestion()
But I always get None
What should I do to get at least one working suggestion? Maybe I need to add some configuration to the Solr config or have some specific data indexed?
Depending on what version of Solr you're using you could use EdgeNGrams or the TermsComponent (if you're using 1.4). Check out these links, they should get you started in the right direction. I haven't used haystack, so I don't know if there's an easy way to leverage these solutions in that framework.
EdgeNGrams:
www.lucidimagination.com/blog/2009/09/08/auto-suggest-from-popular-queries-using-edgengrams/
TermsComponent:
wiki.apache.org/solr/TermsComponent
www.lucidimagination.com/search/document/CDRG_ch07_7.13.3
You need to add spelling support to your default request handler in the Solr conf.
See this please:
http://wiki.apache.org/solr/SpellCheckComponent