Posts tagged "XSS"

WordPress 3.3.1 Security and Maintenance Release

WordPress 3.3.1 is now available. This maintenance release fixes 15 issues with WordPress 3.3 and includes a fix for a cross-site scripting vulnerability that affected version 3.3. Fixed issues: causing mid-page scripts/styles to bleed into admin; Multi-site Upload Limit Stuck at 50MB; Wrong widget count on dashboard; Multisite: No Database Prefix causes strpos(): Empty delimiter; Never show two flyouts at once ryan; $userdata not populated properly; Toolbar shows a warning on a second call; Unwanted backslash in output; Users list ‘Change role to’ allows for changing logged-in Admin role to Subscriber; current-menu-item and current_page_item classes incorrectly added to custom [...]

Posted by Ashish - January 6, 2012 at 9:52 am

Categories: wordpress

SQL, XSS Barcode Injections

Many sites talk a lot about SQL injection and XSS injection, and I have explained them in TechChase articles too. But think of a scenario where login is done by barcode rather than by username/password. What kind of query can be passed to test for SQL injection and XSS injection? Barcode injections are required for this testing. In fact, the same queries that we normally use for testing XSS and SQL injection can be used here; we only need to convert them into barcode formats. Following are a few such queries converted to barcodes, which can be used for negative testing of a barcode login.

Posted by Ashish - September 2, 2011 at 5:28 pm

Categories: Internet Security, Security Testing

Microsoft Anti-Cross Site Scripting Library

The Microsoft Anti-Cross Site Scripting Library (Anti-XSS) is an encoding library designed to help developers protect their ASP.NET web-based applications from XSS attacks. This encoding library uses the white-listing technique – sometimes referred to as the principle of inclusions – to provide protection against XSS attacks. This approach works by first defining a valid or allowable set of characters and then encoding anything outside this set. The white-listing approach provides several advantages over other encoding schemes.

Posted by Ashish - September 17, 2009 at 6:27 pm

Categories: Internet Security

Cross Site Scripting (XSS)

Cross Site Scripting is a condition in which data that is sent in a request to a web server is, either immediately or at a later time, re-displayed to a user, typically unaltered. If this data contains any HTML syntax, it is interpreted by the user’s web browser. This data can contain malicious content to compromise the victim’s machine via web browser exploits, exploit domain trust, or display erroneous information or pages that may trick users into supplying information to another site. Cross Site Scripting can contain harmful JavaScript that will send their session credentials [...]

Posted by Ashish - September 2, 2008 at 8:57 am

Categories: Concept, Internet Security