how to find a website vulnerabilities [closed] - xss

It's difficult to tell what is being asked here. This question is ambiguous, vague, incomplete, overly broad, or rhetorical and cannot be reasonably answered in its current form. For help clarifying this question so that it can be reopened, visit the help center.
Closed 11 years ago.
Has anyone got the idea how to find a website vulnerabilities issues?
like:
Log in as the user test Find the admin control page as a non adminuser
Get the website to print out full debug information for an error
Using a diļ¬€erent method from part (1), log in as user1#gmail.com
Use an XSS attack to open a pop up window displaying a website of your
choice1
Describe how a similar XSS attack could be used to log in as
admin
Get the store to owe you money Log in as the user admin
Access the basket of a user, while not logged on as that user
Describe a CSRF attack that can be used to change someones password
Many thanks

The Open Web Application Security Project maintains several guides describing the types of attacks that can be done on web applications. You may want to start with:
The Getting Started Guide
The Top 10 Guide which documents the most common types of vulnerabilities
The Guide Project which is attempting to build in-depth documentation of vulnerability classes
The Testing Project
In addition, other vendors have their own lists; for example, Microsoft has one that is no longer updated.

Related

send a body value from a service to BAM [closed]

It's difficult to tell what is being asked here. This question is ambiguous, vague, incomplete, overly broad, or rhetorical and cannot be reasonably answered in its current form. For help clarifying this question so that it can be reopened, visit the help center.
Closed 9 years ago.
I have difficulties to understand how to log a XML XPath property in a webservice with WSO2 BAM.
Indeed I want to basically take a subset of the payload returned by my backend and send this subset to WSO2 BAM
How to do it ?
Tks
Nicolas
You can use the Property mediator in ESB to capture the product price using xpath in the message body and set it as a property in Message Context of ESB. Next to the Property mediator add the BAM mediator to ESB sequence and capture the property in the Message Context as shown in [1]. In the document it has shown how to capture the System Date. Similarly you can capture the product price property. (e.g., get-property('product_price'))
[1] http://docs.wso2.org/wiki/display/BAM220/Setting+up+BAM+Mediator

How to create a news feed like Facebook using Django, Tastypie, Redis and the task queue Gearman? [closed]

It's difficult to tell what is being asked here. This question is ambiguous, vague, incomplete, overly broad, or rhetorical and cannot be reasonably answered in its current form. For help clarifying this question so that it can be reopened, visit the help center.
Closed 10 years ago.
Can anyone recommend or create a tutorial on how to make a news feed similar to that of Facebook's only using Django, Tastypie (webservice API framework for Django), Redis (key-value store) and Gearman (task queue)?
Currently I have user model, post model, favorites model and a comment model. I have created Tastypie resources with these models to allow for favoriting, liking, commenting and posting.
I would like to know how to generate feed actions that apply directly to the user. For example:
User1 commented on your post. (2 seconds ago)
User2 liked your post. (3 mins ago)
User2 & User1 favorited your post (5 mins ago)
I really require in depth examples and tutorials on how to build an activity feed using the technologies above. Any help would be appreciated.
You can create an activity stream with the app django-activity-stream.

How to require login in opencart? (Private Shopping) [closed]

Closed. This question does not meet Stack Overflow guidelines. It is not currently accepting answers.
This question does not appear to be about a specific programming problem, a software algorithm, or software tools primarily used by programmers. If you believe the question would be on-topic on another Stack Exchange site, you can leave a comment to explain where the question may be able to be answered.
Closed 7 years ago.
Improve this question
l want to private shopping with Open cart. How?
OpenCart does not have a feature that enables you to set the shop up to require a username and password before accessing the shop.
You can configure it to require a log-in before check-out, and also to log-in before showing prices. From the admin interface...
Login Display Prices:
Only show prices when a customer is logged in.
yes/no
Guest Checkout:
Allow customers to checkout without creating an account. This will not be available when a downloadable product is in the shopping cart.
yes/no
However, although OpenCart doesn't provide the functionality you're looking for, it'd be easy to add with an OpenCart extension. You could write one, or it looks like there is one in the OpenCart extensions directory already, see http://www.opencart.com/index.php?route=extension/extension/info&extension_id=6230

some questions about Facebook Graph api [closed]

It's difficult to tell what is being asked here. This question is ambiguous, vague, incomplete, overly broad, or rhetorical and cannot be reasonably answered in its current form. For help clarifying this question so that it can be reopened, visit the help center.
Closed 10 years ago.
I have been doing extensive research on facebook graph api and still have several issues that are unclear to me.
I searched in FACEBOOK API for this question but I didn't find good information about
where I can found "Facebook limitations" ( ex. no. sending messages per day , searching , creating events , invitations ) ?
2.Sorry for asking this question again in forum but really I would like to know if there is new way that can solved my problem .
about sending private message to friends through graph api instead of using Send Dialog?
Is there is way to fill "To,Message" fields in Send Dialog as default values?
inviting friends to event through api it's possible ?
how can I read posting/comments on friends wall without getting specific permission from my friends ?
Thanks
I searched in FACEBOOK API for this question but I didn't find good
information about where I can found "Facebook limitations" ( ex. no.
sending messages per day , searching , creating events , invitations )
?
There really aren't any - except I haven't seen a known API for searching feeds of a user.
2.Sorry for asking this question again in forum but really I would like to know if there is new way that can solved my problem . about
sending private message to friends through graph api instead of using
Send Dialog?
Is there is way to fill "To,Message" fields in Send Dialog as default
values?
inviting friends to event through api it's possible ?
All possible - On any client, if you have an oauth token, you can always send messages to the user, without bubbling the To, Message dialogues. Or, if you have them on the server, your client can ask the server to post those messages non-interactively!
You need certain permissions for authorization before you attempt reading the feeds. Facebook does document the default app permissions you have.
how can I read posting/comments on friends wall without getting
specific permission from my friends ?

Is it okay to use photos of Facebook users who have liked my page on a web site? [closed]

Closed. This question is off-topic. It is not currently accepting answers.
Want to improve this question? Update the question so it's on-topic for Stack Overflow.
Closed 11 years ago.
Improve this question
I am the webmaster for a large online school. On our visitors page I would like to use the photos of Facebook users who have liked our page. The photos would be used in a header graphic, and would not be altered in anyway. Is this okay?
Thank you
No. Without permission it is ethically wrong.
Go for it.
Your users may detest you, but they had the opportunity to read the Facebook Data Use Policy before starting use of the service:
Information you choose to make public Choosing to make your
information public is exactly what it sounds like: anyone, including
people off of Facebook, will be able to see it. Choosing to make your
information public also means that this information:
can be associated with you (i.e., your name, profile picture, Facebook profile, User ID, etc.) even off Facebook
can show up when someone does a search on Facebook or on a public search engine
will be accessible to the games, applications, and websites you and your friends use
will be accessible to anyone who uses our APIs such as our Graph API.
Facebook doesn't provide an API of who likes your page so it will be difficult for you to get a complete list. However Facebook provides social plugins that will show the pictures of who likes a page so I don't see why you wouldnt be able to do this.