Basic XSS Guide #1 -  Alert() - Redirection - Cookie Stealing

Channel Title : JackkTutorials

Views : 66741

Likes : 727

DisLikes : 41

Published Date : 2016-04-05T23:00:00.000Z

Visit https://bugcrowd.com/jackktutorials to get started in your security research career! G2A Re-link: https://www.g2a.com/?reflink=jackk1337 In this tutorial jackktutorials shows you how to get started with XSS Cross Site Scripting in BWAPP including Alert(), Webpage redirection and Cookie Stealing. LINKS AND RESOURCES ************************* Cookie Stealing Tutorial - https://youtu.be/Nv6CPs_j7hc XSS Definition - https://en.wikipedia.org/wiki/Cross-site_scripting Cookie Stealer Source - https://www.jackktutorials.com/?page_id=21 WAMP Server - http://www.wampserver.com/en/ GET MORE JACKKTUTORIALS! ******************************** Website: http://www.jackktutorials.com Forums: http://www.jackktutorials.com/forums Facebook: http://www.facebook.com/jackktutorials Twitter: http://www.twitter.com/jackk1337
Cracking Websites with Cross Site Scripting - Computerphile

Channel Title : Computerphile

Views : 993131

Likes : 20738

DisLikes : 402

Published Date : 2013-10-23T13:56:48.000Z

Audible free book: http://www.audible.com/computerphile JavaScript is dangerous! Why? How are websites vulnerable to it? Find out about bug-bounties from Tom Scott. More from Tom Scott: http://www.youtube.com/user/enyay and https://twitter.com/tomscott http://www.facebook.com/computerphile https://twitter.com/computer_phile This video was filmed and edited by Sean Riley. Computerphile is a sister project to Brady Haran's Numberphile. See the full list of Brady's video projects at: http://bit.ly/bradychannels

Channel Title : ali hayali

Views : 21

Likes : 0

DisLikes : 0

Published Date : 2017-11-06T13:21:21.000Z


Channel Title : Alexander Yang

Views : 206

Likes : 0

DisLikes : 0

Published Date : 2011-12-14T21:01:51.000Z

http://shafigullin.pro/share.html?' http://shafigullin.pro/share.html?" http://shafigullin.pro/share.html?#'
Steal sensitive information & credentials with XSS

Channel Title : Shawar Khan

Views : 3500

Likes : 44

DisLikes : 5

Published Date : 2016-05-05T18:21:21.000Z

Disclaimer: This video is only for educational purposes. I am not responsible for any damage done using this technique. A technique used for stealing sensitive information and credentials of a user using XSS vulnerability. View full article on http://shawarkhan.com
Hiding JavaScript in Picture Files for XSS

Channel Title : Don Does 30 Official

Views : 13382

Likes : 315

DisLikes : 17

Published Date : 2017-10-12T20:11:04.000Z

How to hide JavaScript in GIF, BMP, WEBP, PNM, or PGF files for the purposes of cross-site scripting. The site is required to receive the file without stripping metadata, and needs to be vulnerable to XSS to run the script (future tutorial). Git: https://github.com/jklmnn/imagejs

Channel Title : Rekcah Nexus

Views : 158

Likes : 1

DisLikes : 0

Published Date : 2013-03-26T04:20:33.000Z

Cross Site Scripting (XSS)-3 (XSS stored IFRAME and COOKIE Exploit)

Channel Title : Hacking Monks

Views : 4621

Likes : 36

DisLikes : 4

Published Date : 2017-01-11T16:22:36.000Z

Hello guys. We are the hacking monks. Here is our blog – http://www.hackingmonks.net/p/home.html Here is our Facebook Page - https://www.facebook.com/Hacking-Monks-1589849474562976/?ref=settings
Cross Site in Bitcoinget | Faizan Online |

Channel Title : Faizan Online

Views : 103

Likes : 5

DisLikes : 0

Published Date : 2019-07-04T19:04:33.000Z

xss in bitcoinget.com payload test img src x onerror alert document domain facebook.com/iamfaizanakhtar

Channel Title : kof2002

Views : 217

Likes : 1

DisLikes : 0

Published Date : 2014-03-27T23:56:01.000Z

t" onmouseover=prompt(document.domain);a=t
Open redirection vulnerability in ford website

Channel Title : MaXecurity Group

Views : 26

Likes : 2

DisLikes : 0

Published Date : 2019-07-09T11:41:40.000Z

Open redirection vulnerability in main ford website bug hunting hackerone bug bounty program

What is an Open Redirection Vulnerability and How to Prevent it?

An Open Redirection is when a web application or server uses a user submitted link to redirect the user to a given website or page. Even though it seems like a harmless action, to let a user decide on which page he wants to be redirected to, if exploited such technique can have a serious impact especially when combined with other vulnerabilities and tricks.

How can An Open Redirect Web Vulnerability be exploited?

Abusing the Trust Users Have in the Vulnerable Website

Since the domain name in a URL is typically the only indicator for a user to recognize a legitimate website from a non-legitimate one, an attacker can abuse this trust to exploit an open redirect vulnerability on the vulnerable website, and redirect the user to a malicious page to execute further attacks, as explained in the following sections.

Exploiting an Open Redirect Vulnerability for a Phishing Attack

When the user clicks on a link of a legitimate website he often won’t be suspicious if suddenly a login prompt shows up. To launch a successful phishing attack the attacker sends the victim a link, for example via email, which exploits the vulnerability on the vulnerable website example.com:

https://example.com/redirect.php?go=http://attacker.com/phish/

By exploiting the open redirect vulnerability on the legitimate website, the attacker is redirecting the victim to http://attacker.com/phish, which is a phishing page that is similar to the legit website. Once the visitor is on the attacker's malicious website, he enters his credentials on the login form which points to a script that is controlled by the attacker. The script is typically used to save the username and the password that is being typed in by the victim, which attackers typically use at a later stage to impersonate the victim on the legitimate website. The probability of a successful phishing attack is quite high since the domain example.com is shown when the user clicks on the link.

Exploiting an open redirection vulnerability to launch a phishing attack.

Exploiting an Open Redirect Vulnerability to Redirect Victims to Malicious Websites

It is also possible to redirect an otherwise careful internet user to a site hosting attacker controlled content, like a browser exploit or a page executing a CSRF attack. As above, the chances that the victim clicks the link are higher if the site the link points to is trusted by the victim. An example is an open redirect in a trustworthy page like a banking site, that directs the victim to a page with a CSRF exploit against a vulnerable wordpress plugin.

Exploiting An Open Redirection Vulnerability to Execute Code

Redirecting to javascript: URIs

An open redirection vulnerability in a web application can also be used to execute an XSS payload by redirecting to javascript: URIs. Those can be used to directly execute javascript code in the context of the vulnerable website. An example would be this:

https://example.com/index.php?go=javascript:alert(document.domain)

The above would show an alert window with the content from example.com. However in most modern browsers this only works when the redirection is javascript based. That means that a location header with javascript: will not execute the code and might show an error message instead. Another URI scheme that’s useful for an attacker is data:. While this does not work in webkit based Browsers like Google Chrome or Opera anymore, in Mozilla Firefox the attacker can still redirect to it. What this does is write data directly to the browser window, which could ease the process of creating phishing pages, even without using a web server to host them.

What is the Impact of an Open Redirection Vulnerability?

As mentioned above the impacts can be many, and vary from theft of information and credentials, to the redirection to malicious websites containing attacker controlled content, which in some cases even cause XSS attacks. So even though an open redirection might sound harmless at first, the impacts of it can be severe should it be exploitable.

How Can You Prevent Open Redirection Vulnerabilities?

The easiest and most effective way to prevent vulnerable open redirects would be to not let the user control where your page redirects him to. If you have to redirect the user based on URLs, you should always use an ID which is internally resolved to the respective URL. If you want the user to be able to issue redirects you should use a redirection page that requires the user to click on the link instead of just redirecting them. You should also check that the url begins with http:// or https:// and also invalidate all other URLs to prevent the use of malicious URIs such as javascript:

Vulnerability Classification and Severity Table
Best two scripts for eBonus.gg (updated 2018)

Channel Title : Samke GpG

Views : 766

Likes : 9

DisLikes : 1

Published Date : 2018-11-14T08:21:49.000Z

// ==UserScript== // @name eBonus.gg [Captcha Skip] Pro // @namespace http://www.mediafire.com/file/u55hupzyiy14ye8/Captcha%20Ebonus.user.js // @version 1.0.0 // @description This automatically clicks on any recaptcha on the webpage and submits it directly after you solved it // @author Minh Hieu Nguyen // @match http://eBonus.gg/lol // @include * // @grant none // ==/UserScript== var domain = (window.location != window.parent.location) ? document.referrer.toString() : document.location.toString(); if (domain.indexOf('miped.ru') == -1 && domain.indexOf('indiegala') == -1 && domain.indexOf('gleam.io') == -1) { //You can exclude domains here (advanced) if (location.href.indexOf('google.com/recaptcha') _ -1) { var clickCheck = setInterval(function() { if (document.querySelectorAll('.recaptcha-checkbox-checkmark').length _ 0) { clearInterval(clickCheck); document.querySelector('.recaptcha-checkbox-checkmark').click(); } }, 100); } else { var forms = document.forms; for (var i = 0; i _ forms.length; i++) { // ==UserScript== // @name eBonus.gg Pro // @namespace Daniel Fontenelle // @version 1.3 // @description Auto clique no próximo vídeo, clique automático na bolha e recarrega a página automaticamente com vídeos quebrados. // @author Daniel Fontenelle (FACEBOOK: https://www.facebook.com/danielll.fontenelle ) // @match https://ebonus.gg/earn-coins/watch/lol // @grant none // ==/UserScript== setInterval(function() { window.location.reload(); }, 170000); $(document).ready(function(){ var coinsclicker = setInterval(function() { ClickNext(); ClickOnBubble(); }, 1000); window.ClickNext = function(){ if ($(".coins_popup").length _ 0) { console.log("clicked"); $(".coins_popup").click(); } }; window.ClickOnBubble = function(){ if ($(".sweet-alert.showSweetAlert.visible").length _ 0) { console.log("clicked"); $(".confirm").click(); } }; });
Copy of xss'-confirm(document.domain)-'

Channel Title : Deepak tqwe

Views : 13

Likes : 0

DisLikes : 1

Published Date : 2017-03-01T17:54:54.000Z


Channel Title : code exploit

Views : 12

Likes : 0

DisLikes : 0

Published Date : 2015-05-17T07:26:39.000Z

I created this video with the YouTube Video Editor (http://www.youtube.com/editor)
XSS Cross Site Scripting Demonstration

Channel Title : Imperva

Views : 187643

Likes : 440

DisLikes : 34

Published Date : 2009-07-02T03:17:49.000Z

Cross-site scripting ('XSS' or 'CSS') is an attack that takes advantage of a Web site vulnerability in which the site displays content that includes un-sanitized user-provided data. For example, an attacker might place a hyperlink with an embedded malicious script into an online discussion forum. The purpose of the malicious script is to attack other forum users who happen to select the hyperlink. For example it could copy user cookies and then send those cookies to the attacker. The Script Injection video should be watched before this video for greater understanding.
XSS on Google Search - Sanitizing HTML in The Client?

Channel Title : LiveOverflow

Views : 322731

Likes : 9589

DisLikes : 138

Published Date : 2019-03-31T11:57:21.000Z

An actual XSS on google.com by Masato Kinugawa. It abuses a parsing differential between a JavaScript enabled and disabled context. The fix: https://github.com/google/closure-library/commit/c79ab48e8e962fee57e68739c00e16b9934c0ffa
Ellusionist HTML Injection + Persistent XSS

Channel Title : Spade

Views : 51

Likes : 1

DisLikes : 0

Published Date : 2017-03-04T06:15:30.000Z

XSS (cross site scripting ) filter evasion series stage 8

Channel Title : Vishwaraj Bhattrai

Views : 1067

Likes : 3

DisLikes : 0

Published Date : 2015-02-02T06:19:14.000Z

payload used : javascript:alert(document.domain); challenge link : http:--xss-quiz.int21h.jp-stage008.php
video127 script alert('test1');/script http://example.com/  #cool

Channel Title : socialisten Area 51

Views : 145

Likes : 3

DisLikes : 2

Published Date : 2015-05-04T09:33:52.000Z

© scriptalert('cookie!');/script or are you strongbold/strong or let's see "what & we can ﶾ or cannot @bananorama do +test   - 00a0 link. äöü bo/b #tag next "l' H&M scriptalert('c');/script ' ' http://socialisten.at/ MENTION tab ends 00a0
How to Attack on cross site scripting vulnerable websites (XSS)

Channel Title : A Team

Views : 870

Likes : 5

DisLikes : 5

Published Date : 2018-08-20T18:39:08.000Z

How to Attack on cross site scripting vulnerable site (XSS) Hey guys! Rogue Flame from A Team here back again with another video, in this video, we will be looking at how to attack Vulnerable cross-site script XSS website using google dork. cross site scripting vulnerable website find cross site scripting vulnerable website (XSS) How to Attack on cross site scripting vulnerable website (XSS) XSS vulnerable attack XSS vulnerable sites 2018.XSS vulnerable website I Hope you enjoy/enjoyed the video. If you have any questions or suggestions feel free to ask them in the comments section Thanks for watching! social media Facebook https://www.facebook.com/ateamadmin Благодаря за гледането 感谢您观看 Merci d'avoir regardé Grazie per la visione Gracias por ver شكرا للمشاهدة देखने के लिए धन्यवाद
5-9 xss challanges

Channel Title : Vishnu Bhardwaj

Views : 20

Likes : 0

DisLikes : 0

Published Date : 2019-05-01T01:41:19.000Z

"><img src=x onerror=alert(document.domain)>

Channel Title : charlie'z yoski\

Views : 1080

Likes : 0

DisLikes : 0

Published Date : 2015-02-08T23:14:12.000Z

"><img src=x onerror=alert(document.domain)>
Cross-Site Scripting Explained - Part 7: HTML Events

Channel Title : webpwnized

Views : 5039

Likes : 17

DisLikes : 0

Published Date : 2012-01-29T16:45:52.000Z

Author: Jeremy Druin Twitter: @webpwnized Description: This video demonstrates injecting cross site scripts into HTML events. The example requires a prefix to close off an existing JavaScript statement in the onclick event targeted. Any script injected into the HTML event will be executed when the user clicks the BACK button on the page. Mutillidae is a free web application which is vulnerable on purpose to give a training environment for pen testers, security enthusiasts, universities, and as a target for evaluating vulnerability assessment tools. Updates about Mutillidae are announced on Twitter at @webpwnized. Mutillidae can be downloaded from irongeek.com Thank you for watching. Please support this channel. Up vote, subscribe or even donate by clicking "Support" at https://www.youtube.com/user/webpwnized! The webpwnized YouTube channel is dedicated to information security, security testing and ethical hacking. There is an emphasis on web application security but many other topics are covered. Some of these include forensics, network security, security testing tools and security testing processes. The channel provides videos to encourage software developers and system administrators to perform security testing. Also, the channel educates the next generation of security testers and bug bounty hunters who want to respectfully, legally and ethically help system owners that allow security testing.
Cross-Site Scripting(XSS) using image file upload

Channel Title : Shawar Khan

Views : 15034

Likes : 69

DisLikes : 36

Published Date : 2015-07-21T04:39:38.000Z

In this video I will tell you about executing a cross-site scripting (XSS) attack using a file upload. This method can be used with other file types like bmp, png and other types. Site: Shawarkhan.com Facebook: www.facebook.com/shawarkhanskofficial
XSS in sandbox domains GOOGLE

Channel Title : MMMAAA OOOUUU

Views : 232

Likes : 1

DisLikes : 0

Published Date : 2015-07-16T06:27:23.000Z

Google uses a range of sandbox domains to safely host various types of user-generated content. Many of these sandboxes are specifically meant to isolate user-uploaded HTML, JavaScript, or Flash applets and make sure that they can't access any user data. For this reason, we recommend using alert(document.domain) instead of alert(1) as your default XSS payload. In particular, if you see script execution in any subdomains of the domains in this list:
ad.doubleclick.net
googleusercontent.com
googlecode.com
codespot.com
feeds.feedburner.com
googleadservices.com
googledrive.com
googlegroups.com
{your-blog-name}.blogspot.com
{your-app-name}.appspot.com
Exploiting a Cross-site Scripting (XSS) vulnerability on Facebook

Channel Title : acunetix

Views : 41719

Likes : 76

DisLikes : 20

Published Date : 2010-07-27T09:53:44.000Z

The following video shows how an attacker may exploit a cross-site scripting vulnerability on Facebook.com regardless of the HTTPOnly cookie protection used. Of course, this goes way beyond showing an "alert()" popup in Javascript, since the attacker is also able to hijack the victim's Facebook account. We also published an article to explain in more technical detail the works behind abusing such a flaw. http://www.acunetix.com/websitesecurity/xss-facebook.htm Facebook rates as the second most popular website on the internet with 400 million active users. When such a website has common web application security flaws, they are going to be abused for one's gain. When we came across an obvious cross-site scripting vulnerability, we decided to show that an attacker could do that. We worked with Facebook to make sure that this vulnerability is fixed. We would like to thank their security team for quickly fixing it. For more information visit http://www.acunetix.com
Security(Section access, Section Application) and Hidden Script - QlikView Tutorial - Session 17

Channel Title : Trending Courses

Views : 154

Likes : 2

DisLikes : 0

Published Date : 2018-12-06T13:04:59.000Z

In this session you will learn about Security (Section Access, Section Application) and Hidden Script.

Security
------------
Document Level ------------------------ Section Access
Server Level ----------------- Qlikview Publisher

Section Access
---------------------
    Section Access;
    Load * ..................;
    Section Application;

    ACCESS,USERID,PASSWORD,NTUSER,NTDOMAIN,SERIAL,OMIT

    Section Access;
    Load * Inline [
    ACCESS,USERID,PASSWORD,LINK
    ADMIN,admin,admin,*
    USER,user1,user1,US
    USER,user2,user2,UK
    USER,user3,user3,FR
    USER,user1,user1,UK
    USER,user4,user4
    ]
    Section Application;
    Sales:
    Load * Inline [
    LINK, Country, Sales
    US, USA, 1000
    UK, United Kingdom, 800
    FR, France, 750
    DE, Germany, 940
    ];

Channel Title : HACK THE PLANET

Views : 76

Likes : 0

DisLikes : 0

Published Date : 2017-04-21T14:27:51.000Z

Hacking 101 - Cross site scripting - web security tutorial

Channel Title : GhostBit

Views : 216

Likes : 6

DisLikes : 0

Published Date : 2019-03-16T09:24:30.000Z

Hello World! Welcome to my channel. In this video, I am going to show you what is Cross site scripting? And how to use it. What is Cross site scripting? Cross-Site Scripting (XSS) attacks are a type of injection, in which malicious scripts are injected into otherwise benign and trusted websites. XSS attacks occur when an attacker uses a web application to send malicious code, generally in the form of a browser side script, to a different end user. Flaws that allow these attacks to succeed are quite widespread and occur anywhere a web application uses input from a user within the output it generates without validating or encoding it. There are 3 types of XSS, I'm going to talk about the 2 most used: ►Reflected XSS Attack: When an attacker injects his malicious script into a search query, a search box, or the end of a URL, it's called Reflected XSS Attack. It's like throwing a ball against a wall and receiving it back. ►Stored XSS Attack: Is when an injected XSS script is stored permanently on a website, for example in a guestbook or bulletin board. Stored XSS hits everyone who just reaches the site with the malicious code. How to Protect Yourself: The primary defenses against XSS are described in the OWASP XSS Prevention Cheat Sheet. Also, it's crucial that you turn off HTTP TRACE support on all web servers. An attacker can steal cookie data via Javascript even when document.cookie is disabled or not supported by the client. This attack is mounted when a user posts a malicious script to a forum so when another user clicks the link, an asynchronous HTTP Trace call is triggered which collects the user's cookie information from the server, and then sends it over to another malicious server that collects the cookie information so the attacker can mount a session hijack attack. This is easily mitigated by removing support for HTTP TRACE on all web servers. Thanks for watching my video hit like Button, Subscribe to this channel and press bell icon for more videos.
The Gambino Family, Carlo Gambino, and John Gotti

Channel Title : The History Guy: History Deserves to Be Remembered

Views : 79932

Likes : 6522

DisLikes : 62

Published Date : 2019-06-19T11:41:00.000Z

The Gambino family is one of the "Five Families" of mafia infamy and has a storied history. Its leaders, with a few notable exceptions, have a history of untimely passings. The last time a family boss was rubbed out, John "the Teflon Don" Gotti's reported assassination of Paul Castellano in 1985, deserves to be remembered. This is original content based on research by The History Guy. Images in the Public Domain are carefully selected and provide illustration. As images of actual events are sometimes not available, images of similar objects and events are used for illustration. All events are portrayed in historical context and for educational purposes. No images or content are primarily intended to shock and disgust. Those who do not learn from history are doomed to repeat it. Non censuram. Special thanks to the Mob Museum: The National Museum of Organized Crime and Law Enforcement in Las Vegas: https://themobmuseum.org/ Find The History Guy at: Facebook: https://www.facebook.com/TheHistoryGuyYT/ Patreon: https://www.patreon.com/TheHistoryGuy The History Guy: History Deserves to Be Remembered is the place to find short snippets of forgotten history from five to fifteen minutes long. If you like history too, this is the channel for you. Subscribe for more forgotten history: https://www.youtube.com/channel/UC4sEmXUuWIFlxRIFBRV6VXQ?sub_confirmation=1. Awesome The History Guy merchandise is available at: https://teespring.com/stores/the-history-guy Script by HCW #ushistory #thehistoryguy #mafia
HTML5 Web Messaging API Demo: Multi-window 2D Canvas Game

Channel Title : Rodrigo Silveira

Views : 4832

Likes : 19

DisLikes : 2

Published Date : 2013-03-24T04:10:47.000Z

A demo of part of an HTML5 game I'm developing for a book I'm writing for Packt Publishing. The video demonstrates how to pass messages back and forth between windows from different origins. Here I have a parent host window that spawns three child windows. These windows have a canvas that draws a block somewhere specified by the parent windows. The parent window moves the block around the complete world space, then tells each window to display the block within its own localized world space. If the cube is not within drawing range of one of the windows, that window is told not to draw anything.

--- Cross-document messaging: ---

Web browsers, for security and privacy reasons, prevent documents in different domains from affecting each other; that is, cross-site scripting is disallowed. While this is an important security feature, it prevents pages from different domains from communicating even when those pages are not hostile. This section introduces a messaging system that allows documents to communicate with each other regardless of their source domain, in a way designed to not enable cross-site scripting attacks. The task source for the tasks in cross-document messaging is the posted message task source.

For example, if document A contains an iframe element that contains document B, and script in document A calls postMessage() on the Window object of document B, then a message event will be fired on that object, marked as originating from the Window of document A. The script in document A might look like:

    var o = document.getElementsByTagName('iframe')[0];
    o.contentWindow.postMessage('Hello world', 'http://b.example.org/');

To register an event handler for incoming events, the script would use addEventListener() (or similar mechanisms). For example, the script in document B might look like:

    window.addEventListener('message', receiver, false);
    function receiver(e) {
      if (e.origin == 'http://example.com') {
        if (e.data == 'Hello world') {
          e.source.postMessage('Hello', e.origin);
        } else {
          alert(e.data);
        }
      }
    }

This script first checks the domain is the expected domain, and then looks at the message, which it either displays to the user, or responds to by sending a message back to the document which sent the message in the first place.

window . postMessage(message, targetOrigin [, transfer ])
Posts a message to the given window. Messages can be structured objects, e.g. nested objects and arrays, can contain JavaScript values (strings, numbers, Dates, etc), and can contain certain data objects such as File, Blob, FileList, and ArrayBuffer objects. Objects listed in transfer are transferred, not just cloned, meaning that they are no longer usable on the sending side. If the origin of the target window doesn't match the given origin, the message is discarded, to avoid information leakage. To send the message to the target regardless of origin, set the target origin to "*". To restrict the message to same-origin targets only, without needing to explicitly state the origin, set the target origin to "/". Throws a DataCloneError if transfer array contains duplicate objects or if message could not be cloned.

Note: When a script invokes the postMessage(message, targetOrigin, transfer) method (with two or three arguments) on a Window object, the user agent must follow these steps: (Source: http://www.w3.org/TR/webmessaging/)

--- For more HTML5 tutorials, articles, and demos, check out my website at http://www.rodrigo-silveira.com
Java Script For Loop - Java Script Lessons

Channel Title : JavascriptDersleri

Views : 158

Likes : 0

DisLikes : 0

Published Date : 2013-12-22T19:57:10.000Z

Java Script alert usage, confirm usage, variables, document write usage, printing text to the screen, calling functions, creating functions, for loop, if statement, prompt usage, set time out and set interval, string to upper case, Java Script lessons.
Step by Step HTTP Cookie Tutorial

Channel Title : Hussein Nasser

Views : 784

Likes : 43

DisLikes : 0

Published Date : 2019-05-02T02:57:11.000Z

💻 More Software engineering videos https://www.youtube.com/playlist?list=PLQnljOFTspQXOkIpdwjsMlVqkIffdqZ2K

HTTP Cookies are small pieces of data that are used as storage medium in the browser and are also sent to the server with each request. Cookies are mainly used for session management, user personalization, and tracking. In this video we will try to demystify cookies and learn everything there is to them by example and with demos as well!

Creating Cookies
1. Document.cookie (client side)
2. set-cookie header (server side)

Cookies Properties

Sent with each request
Cookies are automatically sent to the server with each request, so be careful not to stuff your app with cookies because it might slow down as network bandwidth becomes saturated with bloated requests.

Per Domain
They are stored per domain; think of them as cookie buckets. For instance, you visit google.com, you will get a specific cookie for google.com; any cookies created while in google.com will go to the google.com bucket and so on. There are exceptions but this is the general rule. By default if you create a cookie, it will only be accessible within the domain, and it will only be sent to the same domain. You can create a cookie with the domain property which will also include subdomains. Example: domain=husseinnasser.com includes blog.husseinnasser.com, about.husseinnasser.com etc.
Example.com www.example.com

Path specific cookies
Cookies for a given path only. /r1 /r2 routes: make only a cookie for r1 and a cookie for r2; the client will only send cookies for that path. If you know you are going to use the cookies in certain paths, why waste precious bandwidth sending them with every path?

Cookies Types
1. Session cookie - no expires or max-age, once browser close they are “deleted”; browsers are being smart and keep them though
2. permanent cookie - set max-age
3. httponly cookie - cannot be accessed with document.cookie
4. secure cookie - only acceptable with https
5. Third party cookie - page references another page, gets its own cookies
6. Zombie Cookies - recreated even after users delete them, e-tags from the server

Cookie Security
1. Stealing cookies, inject XSS script
2. Cross site request forgery, more dangerous and easier: I don’t want your cookie, I just want to make a request on your behalf using your cookie and gain myself an advantage as a result. Since you are signed in to your bank, I will inject a script that makes a request to YOUR bank to transfer myself money. samesite

Stay Awesome! Hussein
Calling live json web service using jquery ajax

Channel Title : kudvenkat

Views : 65436

Likes : 340

DisLikes : 9

Published Date : 2015-06-17T20:20:07.000Z

Link for all dot net and sql server video tutorial playlists https://www.youtube.com/user/kudvenkat/playlists?sort=dd&view=1
Link for slides, code samples and text version of the video http://csharp-video-tutorials.blogspot.com/2015/06/calling-live-json-web-service-using.html

In this video we will discuss how to call a live weather web service that returns JSON data using jquery ajax. For the purpose of this demo, we will be using the live weather web service that returns JSON data. The web service can be found at the following URL. http://openweathermap.org/current

We want to retrieve weather data from the web service and display it on a web page. Here is the HTML and jQuery code used in the demo

<html>
<head>
    <script src="jquery-1.11.2.js"></script>
    <script type="text/javascript">
        $(document).ready(function () {
            $('#btnGetWeather').click(function () {
                var resultElement = $('#resultDiv');
                resultElement.html('');

                // Query string sent to the service as "city,country"
                var requestData = $('#txtCity').val() + ',' + $('#txtCountry').val();

                $.ajax({
                    url: 'http://api.openweathermap.org/data/2.5/weather',
                    method: 'get',
                    data: { q: requestData },
                    dataType: 'json',
                    success: function (response) {
                        // .html() parses its argument as markup, so the
                        // service's response text is rendered as HTML
                        if (response.message != null) {
                            resultElement.html(response.message);
                        }
                        else {
                            resultElement.html('Weather: ' + response.weather[0].main + '<br/>'
                                + 'Description: ' + response.weather[0].description);
                        }
                    },
                    error: function (err) {
                        alert(err);
                    }
                });
            });
        });
    </script>
</head>
<body style="font-family:Arial">
    <table>
        <tr>
            <td>City</td>
            <td><input type="text" id="txtCity" /></td>
        </tr>
        <tr>
            <td>Country</td>
            <td><input type="text" id="txtCountry" /></td>
        </tr>
    </table>
    <input type="button" id="btnGetWeather" value="Get Weather Data">
    <br /><br />
    <div id="resultDiv">
    </div>
</body>
</html>
Set and get multiple cookies in JavaScript

Channel Title : kudvenkat

Views : 28770

Likes : 111

DisLikes : 3

Published Date : 2015-02-20T21:42:29.000Z

Link for all dot net and sql server video tutorial playlists http://www.youtube.com/user/kudvenkat/playlists
Link for slides, code samples and text version of the video http://csharp-video-tutorials.blogspot.com/2015/02/set-and-get-multiple-cookies-in.html

In this video, we will discuss how to set and get multiple cookies in JavaScript. This is a continuation of Part 69. Please watch Part 69 before proceeding.

When we click the "Set Cookie" button we want to store the following 3 key-value pairs in 3 cookies.
name=Venkat; [email protected]; gender=Male;

When we click the "Get Cookie" button we want to retrieve all the 3 key-value pairs from the 3 cookies.

Modify the code in setCookie() function as shown below.

function setCookie() {
    // Each assignment to document.cookie adds (or updates) one cookie
    document.cookie = "name=" + document.getElementById("txtName").value;
    document.cookie = "email=" + document.getElementById("txtEmail").value;
    document.cookie = "gender=" + document.getElementById("txtGender").value;
}

The above code creates 3 cookies and stores the 3 key-value pairs. At this point the document.cookie property contains the following string
"name=Venkat; [email protected]; gender=Male"

Now, modify the code in getCookie() function as shown below.

function getCookie() {
    if (document.cookie.length != 0) {
        // document.cookie returns all cookies as one "; "-separated string
        var cookiesArray = document.cookie.split("; ");
        for (var i = 0; i < cookiesArray.length; i++) {
            var nameValueArray = cookiesArray[i].split("=");
            if (nameValueArray[0] == "name") {
                document.getElementById("txtName").value = nameValueArray[1];
            }
            else if (nameValueArray[0] == "email") {
                document.getElementById("txtEmail").value = nameValueArray[1];
            }
            else if (nameValueArray[0] == "gender") {
                document.getElementById("txtGender").value = nameValueArray[1];
            }
        }
    }
    else {
        alert("No cookies found");
    }
}

Channel Title : Host Promo

Views : 1062

Likes : 12

DisLikes : 2

Published Date : 2019-04-11T09:14:29.000Z

LEARN HOW TO RUN JAVASCRIPT IN ATOM THE RIGHT WAY! SUPER EASY AND WILL CHANGE YOUR LIFE! 🤑 https://host.promo ⌨ MAC SHORTCUT: command + i ⌨ WINDOWS SHORTCUT: shift + ctrl + b 👉🏼 FIND THE BEST WEB HOST AND PROMOS (FREE TRIALS, FREE DOMAINS, FREE SSL ETC) 🤑 https://host.promo/ 👉🏼 GET A FREE DOMAIN, FREE SSL, AND 70% OFF 🤑 https://host.promo/hosts/promo/bluehost 👉🏼 GET $0.80 BUDGET HOSTING (CHEAPEST) 🤑 https://host.promo/hosts/promo/hostinger 👉🏼 GET A FREE SSL AND 70% OFF BEST HOST (RECOMMENDED BY WORDPRESS) 🤑 https://host.promo/hosts/promo/siteground Atom Script Package: https://atom.io/packages/script Install On Command Line: apm install script What is Host.Promo? HostPromo provides the best promotions, insights, and analytics on hosting companies and platforms. The platform is free to use and designed to save you a ton of money! Save your hard earned money and spend it on something other than web hosting! Promotions, analytics, and data are updated daily on HostPromo! 👉🏼 Website Home: https://host.promo/ 👉🏼 Best Host Deal: https://host.promo/hosts/best-deal 👉🏼 Host Promo Vlog: https://host.promo/vlog 🤑 Follow HostPromo on social media! 🤑 💎 Twitter: https://twitter.com/HostDotPromo 💎 Medium: https://medium.com/@hostpromo 💎 Reddit: https://www.reddit.com/user/HostDotPromo 💎 Pinterest: https://www.pinterest.com/hostpromo/ 💎 GitLab: https://gitlab.com/HostPromo #javascript #atom #coding
XSS tutorials with html tags

Channel Title : Spanksta worm

Views : 230

Likes : 1

DisLikes : 0

Published Date : 2014-02-02T12:15:23.000Z

XSS (cross site scripting ) filter evasion series stage 7

Channel Title : Vishwaraj Bhattrai

Views : 761

Likes : 6

DisLikes : 0

Published Date : 2015-02-02T06:02:12.000Z

Payload used : a onmouseover=prompt(document.domain); challenge link : s-quiz.int21h.jp-stage07.php

Channel Title : test test

Views : 156

Likes : 0

DisLikes : 1

Published Date : 2014-12-28T19:55:03.000Z

I created this video with the YouTube Video Editor (http://www.youtube.com/editor)
XSS (cross site scripting ) filter evasion series stage 6

Channel Title : Vishwaraj Bhattrai

Views : 1180

Likes : 6

DisLikes : 0

Published Date : 2015-02-01T10:52:56.000Z

xss vector used is onmouseover="prompt(document.domain);"" Link for the challenge 6 http:-- xss-quiz.int21h.jp-stage-no6.php
How to Redirect Stored XSS

Channel Title : Dragunman White Hat

Views : 560

Likes : 1

DisLikes : 0

Published Date : 2015-11-14T15:31:22.000Z

How to Redirect Stored XSS

What is Stored XSS
Stored XSS attacks involve an attacker injecting a script (referred to as the payload) that is permanently stored (persisted) on the target application, for instance within a database. The classic example of stored XSS is a malicious script inserted by an attacker in a comment field on a blog or in a forum post.

Detail Of Stored XSS
Cross Site Scripting (XSS) attacks are an instance of injection problems, in which malicious scripts are injected into otherwise benign and trusted web sites. Cross Site Scripting (XSS) vulnerabilities occur when:
1. Data enters a web application through an untrusted source, most frequently a web request.
2. The data is included in dynamic content that is sent to a web user without being validated for malicious code.
The malicious content sent to the web browser often takes the form of a segment of JavaScript, but may also include HTML, Flash or any other type of code that the browser may execute. The variety of attacks based on XSS is almost limitless, but they commonly include transmitting private data like cookies or other session information to the attacker, redirecting the victim to web content controlled by the attacker, or performing other malicious operations on the user's machine under the guise of the vulnerable site.

Confidentiality: The most common attack performed with cross-site scripting involves the disclosure of information stored in user cookies.
Access control: In some circumstances it may be possible to run arbitrary code on a victim's computer when cross site scripting is combined with other flaws.
Exposure Period
Implementation: If bulletin-board style functionality is present, cross-site scripting may only be deterred at implementation time.

For more information, open this link: http://www.dragunman.com/how-redirect-stored-cross-site-scripting-xss
Just for education purpose.

Channel Title : Alyssa Herrera

Views : 153

Likes : 15

DisLikes : 0

Published Date : 2016-07-01T19:13:09.000Z

No commentary Over watch Competitive. Pre-tournament training and climbing to 70. ► Current Rank http://masteroverwatch.com/profile/shared/0a2fd3d5b21b21ac ► TWITCH https://www.twitch.tv/alyssa_gryphon -~-~~-~~~-~~-~- Please watch: "[No Commentary] Competive Overwatch Vod #2" https://www.youtube.com/watch?v=Pf0HxBOylcI -~-~~-~~~-~~-~-
popup boxes : alert box in java script

Channel Title : satywan kumar

Views : 58

Likes : 1

DisLikes : 0

Published Date : 2018-01-14T02:46:32.000Z

In this video we will learn to add popup boxes in your web pages.
XSS (Cross Site Scripting) Stealing a cookie Kitabisa.com

Channel Title : Richie Daniel

Views : 300

Likes : 0

DisLikes : 0

Published Date : 2018-11-29T06:40:08.000Z

Selenium with C# 51 - IJavaScriptExecutor interface | How to execute JavaScript from Selenium

Channel Title : Ankpro Training

Views : 562

Likes : 9

DisLikes : 0

Published Date : 2018-12-07T03:00:01.000Z

Javascript executor
IJavascript Interface
Alert using JavascriptExecutor
Refresh the page using JavascriptExecutor
Handle checkbox using JavascriptExecutor
InnerText using JavascriptExecutor
Get the Title of a page using JavascriptExecutor
Get a domain of a page using JavascriptExecutor
Get a URL of a page using JavascriptExecutor
How to scroll a page using JavascriptExecutor
How to navigate to other page using JavascriptExecutor
Type text of JavascriptExecutor
How to get height and width of a page using JavascriptExecutor

What is JavaScript?
JavaScript is the preferred language inside the browser to interact with the HTML DOM. This means that a browser has a JavaScript implementation in it and understands the JavaScript commands.

What is IJavaScriptExecutor?
IJavaScriptExecutor is an interface that helps to execute JavaScript through Selenium WebDriver. IJavaScriptExecutor provides two methods, "executescript" & "executeAsyncScript", to run JavaScript on the selected window or current page.

Alert Pop Window
We can create the alert pop-up using the following code
((IJavaScriptExecutor)driver).ExecuteScript("alert('Hello')");

To Refresh The Page
We can refresh the page by using the following code
((IJavaScriptExecutor)driver).ExecuteScript("history.go(0)");

To Handle Checkbox
To make the checkbox checked
((IJavaScriptExecutor)driver).ExecuteScript("document.querySelectorAll('input[value = read]')[0].click()");
To make the checkbox unchecked
((IJavaScriptExecutor)driver).ExecuteScript("document.querySelectorAll('input[value = read]')[0].click()");

To Get The Inner Text
We can get the inner text of a page by using the following code
((IJavaScriptExecutor)driver).ExecuteScript("return document.documentElement.innerText;").ToString();

To Get The Title Of Page
We can get the title of a page by using the following code
((IJavaScriptExecutor)driver).ExecuteScript("return document.title;").ToString();

To Get The Domain Of Page
We can get the domain of a page by using the following code
((IJavaScriptExecutor)driver).ExecuteScript("return document.domain;").ToString();

To Get The URL Of Page
We can get the URL of a page by using the following code
((IJavaScriptExecutor)driver).ExecuteScript("return document.URL;").ToString();

To Scroll The Page
To scroll the page vertically by 500px we use the following code
((IJavaScriptExecutor)driver).ExecuteScript("window.scrollBy(0,500)");
To scroll the page vertically till the end we use the following code
((IJavaScriptExecutor)driver).ExecuteScript("window.scrollBy(0,document.body.scrollHeight)");

To Navigate To Other Page
We can navigate to another page by using the following code
((IJavaScriptExecutor)driver).ExecuteScript("window.location='http://uitestpractice.com'");

To Get The Height And Width Of Page
We can get the height and width of a page by using the following code
((IJavaScriptExecutor)driver).ExecuteScript("return window.innerHeight;");
((IJavaScriptExecutor)driver).ExecuteScript("return window.innerWidth;");

To Type The Text
We can type the text into a text box by using the following code
((IJavaScriptExecutor)driver).ExecuteScript("document.getElementById('Email').value='[email protected]';");

Possible Interview Questions on IJavaScriptExecutor
What is Javascript
What is IJavascriptExecutor
How to create alert using IJavaScriptExecutor
How to refresh the page using IJavaScriptExecutor
How to handle the checkbox using IJavaScriptExecutor
How to get the InnerText of javascript Executor
How to get the title of a page using IJavaScriptExecutor
How to get a domain of a page using IJavaScriptExecutor
How to get a URL of a page using IJavaScriptExecutor
How to scroll a page using IJavascriptExecutor
How to navigate to other page using IJavascriptExecutor
How to get the height and width of a page using IJavascript Executor
How to type text into text box using IJavaScriptExecutor

Code :

using System.Threading;
using Microsoft.VisualStudio.TestTools.UnitTesting;
using OpenQA.Selenium;
using OpenQA.Selenium.Firefox;

// Place this method inside a [TestClass] class
[TestMethod]
public void JavaScriptDemo()
{
    IWebDriver driver = new FirefoxDriver();
    driver.Url = "http://ankpro.com";
    //((IJavaScriptExecutor)driver).ExecuteScript("prompt('Hello')");
    //((IJavaScriptExecutor)driver).ExecuteScript("arguments[0].click();", "element");
    //((IJavaScriptExecutor)driver).ExecuteScript("history.go(0)");

    driver.Url = "http://uitestpractice.com/Students/Form";
    //((IJavaScriptExecutor)driver).ExecuteScript("document.getElementByValue('dance').checked=true;");
    // Toggle the checkbox whose value attribute is "read"
    ((IJavaScriptExecutor)driver).ExecuteScript("document.querySelectorAll('input[value = read]')[0].click()");

    //String sText = ((IJavaScriptExecutor)driver).ExecuteScript("return document.documentElement.innerText;").ToString();
    //Console.WriteLine(sText);
    //String sText1 = ((IJavaScriptExecutor)driver).ExecuteScript("return document.title;").ToString();
    //Console.WriteLine(sText1);
    //String Text = ((IJavaScriptExecutor)driver).ExecuteScript("return document.domain;").ToString();
    //Console.WriteLine(Text);

    Thread.Sleep(2000);
    driver.Quit();
}
