viprajput

session 15 g1

Jun 26th, 2018
SESSION 15
==========

INTRODUCTION TO JAVASCRIPT
==========================
JavaScript is a programming language commonly used in web development. It was originally developed by Netscape as a means to add dynamic and interactive elements to websites.

Java > JavaScript

Java is a software programming language, whereas JavaScript is meant for developing web applications and is generally used for front-end development.
JavaScript is concerned with how web pages behave in response to user input. It is mainly deployed on dynamic web pages for validation purposes.
For example: a simple JavaScript snippet can create and show a prompt box or an alert box.

JavaScript is usually used with HTML. To use JavaScript, we use tags such as <script>.

It uses tags and functions like:

alert(document.cookie)

alert()
prompt()
document.write
document.cookie
functions
loops
conditions

Syntax Of JavaScript
====================

<script> : </script>

<script> = Starting Tag

</script> = Ending Tag

<script>
.
.
.
</script>

TAGS :

= alert() : This function draws a pop-up box known as a dialog box. Whatever is written as the argument of the function is shown as text in the box.

SYNTAX : <script>alert("String Based / Integer Based")</script>

eg.
<script>alert("Welcome to this site")</script>

Syntax : <script>alert()</script>

Here we can pass two data types: string-based and integer.

<script>alert("Welcome to Site")</script>

<script>alert(123)</script>

= prompt() : It is the same as alert() but also provides a text field in which to write your own text. The text entered does not affect the working of the pop-up, so in that sense it is read-only.

<script>prompt("hi")</script>

= Stealing Cookies with JavaScript

Stealing Sessions via Cookies

Function : document.cookie

Every website that maintains a session stores a cookie for it in browser memory. Hence, if an attacker is able to get the cookie, they can set the same cookie in their own browser and, on opening the same site, enter the same session as the victim.

<script>alert(document.cookie)</script>
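
Added example (not part of the original notes): a small audit that models which cookies document.cookie would expose to page script and which session cookies lack hardening attributes. The Set-Cookie values, the function names and the session-name pattern are assumptions made for this example.

```javascript
// Constructed sample data: the same site's cookies, issued weakly and hardened.
const WEAK_RESPONSE = ["sessionid=abc123; Path=/", "theme=dark; Path=/"];
const HARDENED_RESPONSE = [
  "sessionid=abc123; Path=/; HttpOnly; Secure; SameSite=Lax",
  "theme=dark; Path=/",
];

// Parse one Set-Cookie header value into { name, value, attrs }.
function parseSetCookie(header) {
  const [pair, ...rest] = header.split(";").map((s) => s.trim());
  const eq = pair.indexOf("=");
  const attrs = {};
  for (const part of rest) {
    if (!part) continue;
    const i = part.indexOf("=");
    const key = (i === -1 ? part : part.slice(0, i)).toLowerCase();
    attrs[key] = i === -1 ? true : part.slice(i + 1);
  }
  // A pair without "=" is treated as a nameless cookie.
  const name = eq === -1 ? "" : pair.slice(0, eq);
  return { name, value: pair.slice(eq + 1), attrs };
}

// Model of what document.cookie returns: HttpOnly cookies are hidden from script.
function scriptVisibleCookies(headers) {
  return headers
    .map(parseSetCookie)
    .filter((c) => !c.attrs.httponly)
    .map((c) => `${c.name}=${c.value}`)
    .join("; ");
}

// Report missing attributes on cookies whose name looks like a session id.
// The name pattern is an assumption; adjust it to the application.
function auditSessionCookies(headers, pattern = /sess|sid|token/i) {
  const findings = [];
  for (const c of headers.map(parseSetCookie)) {
    if (!pattern.test(c.name)) continue;
    const missing = ["httponly", "secure", "samesite"].filter((a) => !(a in c.attrs));
    if (missing.length) findings.push({ cookie: c.name, missing });
  }
  return findings;
}

console.log("weak, visible to script:", scriptVisibleCookies(WEAK_RESPONSE));
console.log("hardened, visible to script:", scriptVisibleCookies(HARDENED_RESPONSE));
console.log("findings:", JSON.stringify(auditSessionCookies(WEAK_RESPONSE)));
```

With HttpOnly set, the alert(document.cookie) snippet above no longer shows the session cookie, because the browser withholds it from script.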

----------------------------------------------------------

XSS - CROSS SITE SCRIPTING
==========================

Cross-site Scripting (XSS) refers to a client-side code injection attack in which an attacker can inject malicious scripts into a web application, and the web application responds accordingly. The end user's browser has no way to know that the script should not be trusted, and will execute the script because it thinks the script came from a trusted source.
It is the 3rd vulnerability in the OWASP Top 10, found in 80% of all dynamic websites.

Flaw of XSS
===========
When a website takes any kind of executable input from an unauthorised visitor, we can say that the website is vulnerable to an XSS attack.
For example: while shopping on Flipkart, a user enters <h1>Hacked</h1> in the search bar; when they hit search, the website interprets the heading tag and renders it on the main page.
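
Added example (not part of the original notes): the search-page case above, rendered once without and once with output encoding, plus a regression check that reports markup the template itself did not produce. The template and all function names are hypothetical.

```javascript
// Inputs taken from the notes above.
const PAGE_INPUTS = ["<h1>Hacked</h1>", "<script>alert(document.cookie)</script>"];

// Vulnerable: the search term is concatenated into the HTML unchanged.
function renderSearchUnsafe(term) {
  return `<div id="results"><p>Results for: ${term}</p></div>`;
}

// Encode the five characters that are significant in HTML text and quoted attributes.
function escapeHtml(text) {
  const entities = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" };
  return String(text).replace(/[&<>"']/g, (ch) => entities[ch]);
}

// Hardened: the term is encoded at the point of output.
function renderSearchSafe(term) {
  return `<div id="results"><p>Results for: ${escapeHtml(term)}</p></div>`;
}

// List the element names opened in a piece of HTML (simple scan for a regression check).
function openedTags(html) {
  return [...html.matchAll(/<([a-zA-Z][a-zA-Z0-9]*)/g)].map((m) => m[1].toLowerCase());
}

// Tags in the rendered page that the template alone does not produce.
function injectedTags(render, term) {
  const baseline = openedTags(render(""));
  return openedTags(render(term)).filter((tag) => {
    const i = baseline.indexOf(tag);
    if (i === -1) return true;
    baseline.splice(i, 1); // consume one tag that belongs to the template
    return false;
  });
}

for (const input of PAGE_INPUTS) {
  console.log(input);
  console.log("  unsafe adds:", injectedTags(renderSearchUnsafe, input));
  console.log("  safe adds:  ", injectedTags(renderSearchSafe, input));
}
```

The encoded page still displays the visitor's text exactly as typed; the browser simply treats it as text instead of as a heading or script element.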

TYPES OF XSS
============

1. Stored XSS : Stored attacks are those where the injected script is permanently stored on the target servers, such as in a database. It remains until the database is reset or the entry is manually removed.
2. Reflected XSS : Reflected attacks are those where the injected script is reflected off the web server; it is not stored, only reflected back from the request. When the webpage is refreshed, the XSS query is gone. It is one-time use, but it still extracts data.
3. DOM Based XSS : Document Object Model based XSS is a type of cross-site scripting attack that relies on inappropriate handling, in the HTML page, of data from its associated DOM, e.g. in document.write.