I am currently learning XSS attacks and I wondered - if in an <input> tag double quotes are replaced with " then how to inject the payload.
For example
<input type="text" value="something">
But when I am trying to execute this payload " onmouseover="alert(1) then the final payload becomes like this below
<input type="text" value="" onmouseover="alert(1)">
And when I checked the code it replace in this format
.replace(/"/g,"""))
That's why it's not executing my payload. Even I have tried with double encoding but it's not working
%2522 onmouseover=%2522alert(1)
you use :
%2522 onmouseover=alert(1)
Instead of:
%2522 onmouseover=%2522alert(1)
If you see " getting transformed to " as it passes through the HTML, then that usually means that the application is doing output escaping properly. in general, that means the webapp is well-built.
Related
I am using Jenkins Active Choice plugin. I want to provide a file upload function based on reference variable
The below setting allows me to enter text when i select reference parameter scan_type as vulnerability-Web
What i want is , instead of taking text input it should upload file , and content of the file should be assigned to SELENIUM_RECORDED_FILE
I tried using below groovy
if (scan_type.equals("Vulnerability-Web")) {
inputBox = "<body> <form action='upload.php' method='post' enctype='multipart/form-data'> Select file to upload: <input type='file' name='fileToUpload' id='fileToUpload'> </form>"
return inputBox
}
its adding file upload option but the file content is not stored in SELENIUM_RECORDED_FILE
Please let me know how can we achieve this
Reading through HERE, it looks like you must have
<input type="file" name="file">
Let's say I have:
<span th:if="${#fields.hasErrors('firstName')}" class="color--error" th:errors="*{firstName}"></span>
How do I escape the text if the error text contains HTML? I know for normal text, we can use th:utext.
As of 3.0.8-SNAPSHOT, Thymeleaf-Spring has th:uerrors.
See this GitHub issue for the discussion: https://github.com/thymeleaf/thymeleaf-spring/issues/153
And this change log for 3.0.8: http://forum.thymeleaf.org/Thymeleaf-3-0-8-JUST-PUBLISHED-td4030687.html
th:errors is just a shortcut. You still use th:utext for this, you just have to manually output your errors. In your case, the code could look something like:
<div th:if="${#fields.hasErrors('firstName')}" th:each="err: ${#fields.errors('firstName')}" th:utext="${err}" class="color--error" />
I came across various questions but none of them could solve my problem. I wrote a simple doPost() code in google app script:
function doPost(e){
Logger.log("Hello World");
}
Then I deployed it as a web app and pasted the url on hurl.it to make a post request. However, there is nothing being logged in the log and the response is 200 (Ok). I think it is not going inside this doPost() function. Can anyone guide as to what am I doing wrong here?
Your implementation does not meet all the requirements needed for a web app. Here's an excerpt from the documentation (link):
Requirements for web apps
A script can be published as a web app if it meets these requirements:
It contains a doGet(e) or doPost(e) function.
The function returns an HTML service HtmlOutput object or a content service TextOutput object.
Here are some examples:
function doGet(e) {
var params = JSON.stringify(e);
return HtmlService.createHtmlOutput(params);
}
function doPost(e) {
return ContentService.createTextOutput(JSON.stringify(e.parameter));
}
And just for completeness, you must also redeploy your web App as a new version every time you make changes to the code. Redeploying under an already existing version does not work, you have to make a new version for your changes to take hold.
Also using the standard Logger.log to trace changes within doGet(e) or doPost(e) is unreliable with web apps as they are executed asynchronously. I would recommend logging your output to a spreadsheet. There is an awesome script library called BetterLog that extends the Logger API to do just that; it can be found at the following link:
https://github.com/peterherrmann/BetterLog
UPDATE 2018-07-18
Apps Script now supports StackDriver Logging which is accessible from the Apps Scripts editor's View menu.
in order for the "exec" version of the published Web App URL to run with any new changes, you must publish a new version every time that you make a change to your script. It does not matter how small the change is. Instead of using Logger.log("Hello World"); I would write a value to a spreadsheet.
SpreadsheetApp.openById(id).getSheetByName(name).appendRow(['test']);
There are 2 different URL's for your Web App. One with 'dev' on the end and the other with 'exec' on the end. The 'dev' version is always the current code. The 'exec' version never changes unless you publish a new version.
I struggled with this for AWHILE NOW and I finally got lucky.
I use w3schools alot so I read fully on the form element and its attributes.
The ACTION attribute seems to be the key in getting doPost(e) to work for me and GAS.
Here's my HTML (removed opening and closing angle brackets)
<form
action="https://script.google.com/a/[org]/macros/s/[scriptID]/exec"
method="post" target="_blank" >
First name: input type="text" name="fname"<br>
Last name: input type="text" name="lname"<br>
input type="submit" value="Submit"
</form>
Here's my doPost ( the Logger ran as well as the new window displaying e.parameter)
function doPost(e){
Logger.log("I WAS RAN!!")
if(typeof e !== 'undefined') {
return ContentService.createTextOutput(JSON.stringify(e.parameter));
}
}
One of the reason can be you are using a Rest client like Postman. It won't work, though I don't know the reason why.
Try with a normal form like this and it will work:
<!DOCTYPE html>
<html>
<body>
<form action="https://script.google.com/macros/s/AKfyc.../exec">
First name:<br>
<input type="text" name="param1" value="ABC">
<br>
Last name:<br>
<input type="text" name="param2" value="XYZ">
<br><br>
<input type="submit" value="Submit">
</form>
</body>
</html>
Got myself a bit of a problem (only occurring in Tomcat 8.5, but I'll need to handle it)...
I'm trying to open up a dojox.widget.DialogSimple, using an href, that has a long url/data string. Setting the HREF on instantiation causes it to fail as a malformed URL, because it's too long. So, I want to be able to do it as an xhrPost. Is there a way to set this up using the ioArgs property? I haven't been able to find any documentation giving examples of this.
You are correct. An over-long URL string for an HTTP "GET" can cause problems: Web Services: maximum length of HTTP GET request?. In general, the solution is to do a "POST" instead.
Would this solution work for you?
Dojo - how to submit data using a Dialog form
<div dojotype="dijit.Dialog" id="subscription" title="subscription form" execute="alert('Transmitted');">
<form action="PATH_TO_PHP_PAGE" method="POST">
<!--input widgets-->
<!--submit button widgets-->
</form>
</div>
Hi i want to replace a token value in ant script with following string
<TagType Name="some name" param1="prefix=%s" param2="_default" />
since we cannot give directly '<','"','%' into an ant script, we need to use escape sequences like '<','"'..
Is there any online tool which can apply escape characters for a given string?
I hope already there are tools for this :)
For a given string like this
<TagType Name="some name" param1="prefix=%s" param2="_default" />
I need escaped string like this
<TagType Name="some name" param1="prefix=%s" param2="_default" />
At last i found this online tool which does the job of xml escaping.
http://www.freeformatter.com/xml-escape.html