Skip to main content

CROSS-SITE SCRIPTING : Penetration Test Report paper

CROSS-SITE SCRIPTING
Severity: Medium
An attacker can take advantage of numerous input fields in the application
in order to mislead an innocent customer entering the site into giving away
information, or as a tunnel for the attacker for future purchases on behalf
of the first. Input fields include the comments area, the search page, and
the new user signup form.
The first cross site scripting attack is based on a malicious user
embedding malicious code (in the form of Javascript or VBScript) in the
search field of the search.asp page. This allows an attacker to send a mail
to any user asking him to view a list of search results. If the innocent user
would surf to this linked page, where the malicious code is injected by the
attacker he would have a response script sent to him. This can result in
the user’s session cookie sent to the attacker for instance, which will
enable the attacker to act on the user’s behalf without his knowledge.
Post a Comment

Popular posts from this blog

Compact and Repair an Access Database. Add Ref. to : AdoDb, Jro

< ?xml version="1.0" encoding="utf-8" ?>









using ADODB;
using JRO;
using System.Configuration;
using System.Data.OleDb;
using System.IO;

public class CompactAndRepairAccessDb : System.Windows.Forms.Form
{
private System.ComponentModel.Container components = null;
private JRO.JetEngine jro;
private System.Windows.Forms.Button btnConfirm;
private System.Windows.Forms.TextBox tbxOriginalDbSize;
private System.Windows.Forms.TextBox tbxCompactedDbSize;
private OleDbConnection cnn;

public CompactAndRepairAccessDb() {
InitializeComponent();

FileInfo fi = new FileInfo( ConfigurationSettings.AppSettings["PathOriginal"] );
int s = Convert.ToInt32( fi.Length/1000 );
this.tbxOriginalDbSize.Text = s.ToString() + " kb";
}

private void btnConfirm_Click(object sender, System.EventArgs e) {
// First close all instances of the database
// MUST HAVE EXCLUS…

Creating ISO images with Nero 5.5 Express

Mark Michaelis' Weblog - August, 2003: "Creating ISO images with Nero 5.5 Express

I recently set up an old computer for my son, Benjamin, as he keeps messing up my wifes desktop and then I have to figure out how to get it back to the way she wants it. Anyway, as part of doing this I didn't want my son putting CDs in and out of the computer as he tends to scratch them. Instead, I decided to create ISO images of them and have him use them directly from the computer using Daemon-Tools. The problem, was how to create ISO images? I had a copy of Nero Express 5.5 but it took me some time to figure out exactly how to get it to make ISO images. (If you happen to have the full version of Nero you can find instructions for creating ISO images here.)

Here are the steps for Nero Express 5.5:

1. Launch Nero Express 5.5 (yes there is a 6 version out there but I don't have it.)
2. Select the Copy Entire Disk option.
3. Click the More>> button.
4. Click the Configure…