I am learning how to find vulnerabilities in web-apps. I am trying to find an XSS vul. in an app.
There is a reactjs webapp. Exist two possibilities, two inputs that change information of a user, one is the bio and other changes the webpage of the user.
<div class="sc-hMqMXs gwiZKI">
<div class="sc-hSdWYo jeEjXR" aria-disabled="false">
<textarea data-gr="textarea" maxlength="160" placeholder="Describe yourself briefly in one or two sentences…" rows="4" height="84" aria-invalid="true" class="sc-eHgmQL liNjVN">" /> <script>alert();</script>
</textarea>
</div>
</div>
When i try to set an input with script tag, there has to be some kind of stringify that dont let me go foward to it.
This is the output of the first input:
<p class="Builder__BiographyStyle-v13eqd-0 gOpKPy sc-cBdUnI dWHKbJ" style="color: rgb(116, 116, 116);"><script>alert(1);</script></p>
The payload was: <script>alert(1)</script>
The second one is the webpage:
the code of the input es almost the same as the first:
<input data-gr="input" maxlength="160" placeholder="myhomepage.eu" aria-invalid="true" class="sc-jWBwVP bCXLCE" value="{{javascript:alert(1)}}">
And the output of the input on HTML is:
<a rel="noreferrer noopener" target="_blank" display="primary" href="https://{{javascript:alert(1)}}" class="Link__TextLinkStyle-sc-18o82bi-0-a bAMZxp">https://{{javascript:alert(1)}}</a>
This means that the input is stringified and the https:// is added. How could be the syntax to make an XSS vul execute code in there, is it possible?
Related
Im currently working with a project that uses Apache Cordova. In our HTML-file, we have a search box, where user can input ie. "CLASS A" and set it as default if he/she wishes so. What is the easiest way to make this happen that when user re-opens the app, the app remembers the input? Since we are only creating an (native) app for android and IOS cookies wont do. Is the local storage easiest and right way to approach this one? How should it be implemented in the code? We have HTML/CSS/JS in our project if that matters.
Providing a snippet from HTML;
<div data-role="content" id="content">
<div id="search">
<div class="ui-widget">
<div id="timetable">
</div>
<form onsubmit="return false" id="searchform">
<input type="text" oninput="upperCaseGroup(this)" id="field" placeholder="Search group's timetable" maxlength="100" class="ui-autocomplete-input" autocomplete="off">
<input type="text" oninput="upperCaseClass(this)" id="fieldClass" placeholder="Search room's timetable" maxlength="100" class="ui-autocomplete-input" autocomplete="off">
<p id="searchNotifi">* Search timetables inputting desired group or room id. (ie. TITE14 / A420.2) <a href style="color: deeppink" id="hidemsg">Okay!</a></p>
<label for="remember" id="mlabel"><input type="checkbox" id="remember" data-role="none" />Set as default</label>
<!-- <div id="hae" class="ui-btn ui-input-btn ui-corner-all ui-shadow">Search</div> -->
<input type="button" value="Search" id="search" class="btn openpanel" onclick="executeSearch()" />
</form>
</div>
</div>
This is how the code looks like in app (with JS functions and such).
So everything workd correctly, but how can we set search as default, so the app remembers the input next time user opens the app?
Thank you in advance.
You can use localStorage, it persists even when the browser is closed and reopened and will be something like that.
localStorage.setItem("val1","some text");
localStorage.getItem("val1")
//some text
Window.localStorage
Actually I would not rely on using localStorage if you want to make sure your data never gets cleared by the system. As mentioned here localStorage will get cleared if your device has low memory available.
I'd suggest using one of the following persistent storage possibilities:
Native storage
SQLite storage
Though SQLite will be a bit overkill for remembering a users selection, so native storage is probably the way to go.
Usage (after adding the plugin):
Storing an item:
NativeStorage.setItem("key",<value>, <success-callback>, <error-callback>);
Retrieving an item:
NativeStorage.getItem("key",<success-callback>, <error-callback>);
probably some of you had follow my previous questions, I'm developing a simple guestbook in order to learn php. Yesterday I've implemented the function to delete messages from the guestbook.
Today I want to allow users to format their message with like every form (also here on stackoverflow)
I want to add some buttons [B] [I] [U] which will format their messages on the guestbook (only their messages) with bold, italic and underline (in future I think I'll allow to choose colors of the message).
How can I do this? Which language I have to use? (By now I'm using php,html and css but I know something about javascript, ajax, jquery)
Some details:
<div id="functions">
<form method=post id="addForm" name="addForm" action=<?php echo htmlspecialchars($_SERVER["PHP_SELF"]);?>>
<span class="label" style="text-align: center"> Comment </span> <textarea class="text" type=text cols=55 rows="7" name="comment"></textarea><br>
<br><input class="submit" type=submit name=submit value="Submit">
</form>
<a href=viewGuest.php>View Guestbook!</a>
</div>
All comments are stored in a mysql database but I don't think this is relevant.
You coud make use of a javascript component, like CKeditor (http://ckeditor.com/). It will allow you add HTML content for your guestbook, and therefore, you could make use of HTML tags for bolds, italics,...
I want to create a browse button so i found this code : and it works fine
<form action="http://www.cs.tut.fi/cgi-bin/run/~jkorpela/echo.cgi"
enctype="multipart/form-data" method="post">
<p>
Type some text (if you like):<br>
<input type="text" name="textline" size="30">
</p>
<p>
Please specify a Test , or a set of tests:<br>
<input type="file" name="datafile" size="40" >
</p>
<div>
<input type="submit" value="Execute Test">
</div>
</form>
But in my case the browse functionality should begin from a specific URI (C:\software\apache-tomcat-7\apache-tomcat-7.0.28\wtpwebapps\WebTestAutomatisation\WEB-INF\classes\functional)
So i want to fix the initial uri
I make a search in the input tag attributes but i didn't find anything useful
You want to change the default path when the user click on "browse" ?
I think it is not possible to change the default path of an input type files because it can be a big security hole...
I don't think what you are trying to do is possible. Like #ClementAndraud pointed out, this can be a big security hole if it is allowed. meanwhile you can check this post for further clarification.
I have a simple search php script, within that script there is some html and javascript to make a search input field and a button.
What i am trying to do is when someone enters a search, and presses submit, thickbox opens, and the results will be displayed in the thickbox.
What i have so far is the search field and button, when i press submit, it briefly shows the thickbox, and than is overloaded by the result page, but than with no search results.
Here is the code:
<form method="get">
<input type="text" name="merk" size=10 style="font-weight: bold; background-color:#D5DF23;">
<input type="image" name="merk" class="thickbox" onclick="document.location.href='searcher.php?keepThis=true&TB_iframe=true&height=520&width=800';" src="zoek1.jpg" width="110" alt="Zoek" onMouseOver="this.src='zoek2.jpg'" onMouseOut="this.src='zoek1.jpg'">
</form></input>
It would seem that you lack some of the basic understanding of HTML, JavaScript and probably also programming in general, you really should spend some more time getting the basics down.
It would seem that Thickbox is not designed to be used the way you want to. In any case, I took a look at the source code, and it's pretty easy to use the functionality in a more conventional manner making it more flexible (just call the function tb_show with the appropriate parameters). What you want would be something like this:
<input type="text" id="merk" size=10 style="font-weight: bold; background-color:#D5DF23;">
<img onclick="tb_show('title','searcher.php?merk='+document.getElementById('merk').value+'&TB_iframe=true&height=520&width=800',false)" style="cursor:pointer;" src="zoek1.jpg" width="110" alt="Zoek" onMouseOver="this.src='zoek2.jpg'" onMouseOut="this.src='zoek1.jpg'">
I know that may sound silly, but I'm trying to submit a form on a page inside an iFrame, from the parent site.
Here's an example of the form:
<form action="/add_email" method="post">
<div class="field">
<label for="newEmailAddress" style="width: auto">Add new email address</label>
<input type="text" id="newEmailAddress" name="email" value="null" class="text-field" />
<input type="hidden" name="__app_key" value="null"/>
<input type="submit" value="Add address and send activation email">
</div>
</form>
As you can see, the Submit button, and the form itself both lack a proper name or id, this is not something I have control over. (It's on an external website.)
Any suggestions?
When no name is given to the form then form has the default form name in a form of array
ie form[]
hence one can create as many forms in script, the default name's index will increase.
Hence one can use it accordingly.
Since it is an external website — no. The Same Origin Policy prevents it.
If it was the same website then you could communicate across frames and then access the form via its numerical index in the forms object (but you would also likely be able to give it an id and use that instead).