The common name for the language used primarily for scripting in web browsers. It is not related to the Java language. Standardized as ECMAScript, its dialects/implementations include JavaScript and JScript.
3
votes
2 answers
117 views
Web & insecure HTTP - Using RSA for encrypting passwords on the client side
I used client side password hashing in my register and login project.
Its purpose is to prevent passive adversaries/eavesdroppers from discovering users' plaintext passwords when HTTP requests are in ...
3
votes
2 answers
155 views
How can JavaScript be tampered with while viewing a web page?
I often hear about how client side JavaScript can't be relied on because it can easily be changed. How exactly can it be changed, what program would be used to modify the JavaScript before a page ...
0
votes
0 answers
62 views
How to hide victim pop-up in clickjacking?
I am testing a web application for click-jacking vulnerability. The attack works fine for single clicks; however, I am trying to delete a file and the hidden frame (victim) throws a pop-up ...
2
votes
0 answers
70 views
Compatibility of window.crypto.getRandomValues() [migrated]
I need to generate cryptographically secure pseudorandom numbers in JavaScript. I know about the window.crypto.getRandomValues API, which does exactly what I want. However, I also know it was ...
3
votes
2 answers
88 views
User privileges for unsanitized code
We all know there is still vulnerable code out there even though it may or may not get exploited and found for hacking attempts. I've seen people do it countless times and have a possibly plausible ...
10
votes
3 answers
315 views
What bad coding practices make a browser extension vulnerable?
I'm trying to scan JavaScript files for vulnerabilities using JSHint. Specifically, I'm scanning the JavaScript files of browser extensions. To look for possible vulnerabilities I'm looking for bad ...
6
votes
3 answers
177 views
Is there a way to bypass Django's XSS escaping with “unicode”?
Django (the Python web framework) escapes output to prevent XSS (Cross Site Scripting) attacks. It replaces ', ", <, >, & with their HTML safe versions.
However this presentation on slide ...
-6
votes
0 answers
46 views
Found a JS injection in my website, help? [closed]
I just found out that my website requests a JS file:
Reload the page to get source for: http://shpr.co/code/fsave/js/fs.js?subid=298&ex=35&uid=51631fc4a44ae5.65956870
How to remove that!
1
vote
3 answers
142 views
What typically is the expiration date of a session cookie?
I need to create a session cookie using JavaScript (for more info see question). I'm wondering what should the expiry date be? I'm guessing it's the browsing session, so if I don't set an expiration ...
11
votes
2 answers
1k views
What does this injected code do?
One of my sites has just been hacked, as this code has been inserted into random(?) files and places within the files.
Does anyone understand what it is trying to do? I would welcome anything that may ...
-3
votes
0 answers
48 views
What security measures should I consider to secure “User account balance $”? [closed]
If the user can drop money from PayPal to his balance account to buy from other users on the website
Here is another example of a similar process
This is typically done on freelancer.com
Drop money ...
-2
votes
0 answers
90 views
Attack using objects found by parsing website's script
I was browsing my website's server logs and noticed these strange entries in the 'request uri' column.
/.open_box
/.slideshow
/.motion_detected
Each of those words is in the JavaScript ...
1
vote
1 answer
136 views
Bypass a regex filtration to perform an XSS attack
Does the regex [\w/$!.*-]+$ stop the injection of payloads like:
"><script>alert(4)</script>
" onload="alert(4)"
...
-1
votes
1 answer
122 views
Can someone break my anti DOM-based XSS from the window location? [closed]
Can someone break my anti DOM-based XSS from the window location?
function parseparameters()
{
var href = window.location.href;
var id = href.indexOf('#');
if (id ...
-1
votes
1 answer
88 views
Some questions about DOM-based XSS [closed]
Is it possible to do a DOM-based XSS attack with window.location.protocol?
How can we use DOM-based XSS with document.title?
How can we bypass the escape JavaScript function if it is used?
thank ...