XSS vulnerable applications

Below are some sample XSS vulnerable applications custom essay. Try producing XSS.

1 Reflective XSS- Like all know its server side issue.
Download Demo

2 JSON XSX Example
Download Demo

3 XSS when HTML escape function are used.
Download Demo

4 DOM based XSS
Download Demo

Check out the Demo links or download/deploy the applications on your local and try testing/xssing them all.

custom essay writing.

Email notification service ;Email Bomber

Now a days every app has a module for notifying users through email. The same email module/service when written less carefully can lead to serious misuse by the attacker. Attacker can spam the inbox of any user when the app is vulnerable to this issue. Below is the example of vulnerable webapps test with explanation.

Suppose the reset password functionality is vulnerable to email bombing.

url – https://example.com/lost-password

Open it and you see a form to notify you by email. try putting email and send. Monitor and capture the request.

For now i take below headers:

POST /lost-password HTTP/1.1
Host: example.com
User-Agent: Mozilla/5.0 (Windows NT 6.3; rv:36.0) Gecko/20100101 Firefox/36.04
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://example.com/lost-password
Cookie: lang=en; xyz
Connection: keep-alive
Upgrade-Insecure-Requests: 1

POST data
action=send
email=test@test.com

Looking at the header and body , we can see that their is no way for the web server to track user or to validate the genuine request. So we can replay the same request with different POST data using any client.

Continue reading

crawler4j example | java web crawler

Why to write the whole thing from the scratch if the same thing is already available ? Better to build on top! Isn’t it ?

Framework says : Concentrate on your objective rather then supporting things needed to accomplish the objective. Framework provide the facility and tools and expect the programmer to build the things on top of it.

crawler4j is a framework to that provide multi-threaded crawler with some extra features like Logging, customization’s, crawling password protected sites etc.

Here is a small example of starting with crawler4j.
Build env :Maven

Continue reading