Tuesday, September 15, 2009

JavaScript Injection

Using JavaScript, a user can modify the cookies the browser holds for the current site. This takes only a few basic JavaScript commands. To view the contents of your current cookies, put the following JavaScript command in your browser's URL bar.

javascript:alert(document.cookie);

This command pops up a box listing your current cookies. A malicious user could use JavaScript to change values in the cookie. For example, say a web application you are testing sets an authorization cookie to true once a user has successfully logged in and passed the authorization test. To change that value within the cookie, a malicious user would execute JavaScript like the following from the URL bar of the browser.

javascript:void(document.cookie="authorization=true");

This changes the cookie parameter authorization=false to authorization=true, even though the malicious user may never have passed the original authorization test. The malicious user has just bypassed the authorization test and gained access to the sensitive content. As you can imagine, this can cause severe privilege escalation problems if a malicious user can use JavaScript injection to bypass the correct authorization process.

If you are testing for JavaScript injection and want to confirm that the cookie was altered, execute a command similar to the following, replacing the cookie name and value with the cookie you want to test. Start with the JavaScript command that alters the cookie, then append the JavaScript alert function to view what the cookie was changed to. For example:

javascript:void(document.cookie="authorization=true");javascript:alert(document.cookie);

You should now be able to see the new cookie parameter in the popup box.

XSS Injection vulnerabilities

You can determine very easily whether a web application is vulnerable to XSS attacks. A simple test is to take a parameter that is sent in the HTTP GET request and modify it. Take, for example, the following request in the browser's address bar. This URL takes a name parameter that you entered in a textbox and prints something like "Hello George, thank you for coming to my site" on the page.

http://www.yoursite.com/index.html?name=george

Now modify it so that some additional content is added to the parameter. For example, try entering something similar to the following request in the browser's address bar.

http://www.yoursite.com/index.html?name=<script>alert('You just found a XSS vulnerability')</script>

If this pops up an alert box stating "You just found a XSS vulnerability", then you know this parameter is vulnerable to XSS attacks. The name parameter is not being validated: anything is accepted and processed as a name, including a malicious script injected into the parameter. What is happening is that where the name George would normally be written into the page, the <script>alert('You just found a XSS vulnerability')</script> markup is written into the dynamic page instead, and the browser executes it. The alert is only an example of how to test for the XSS vulnerability; a malicious hacker would be far more devious in exploiting this type of security vulnerability.

There are many, many different methods to test for XSS vulnerabilities; this post describes only a few of them.
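To show why the name parameter above ends up as a script, here is an added example, not code from the original post, with the vulnerable rendering of "Hello <name>, thank you for coming to my site" next to the fixed version that HTML-encodes the parameter before writing it into the page. The page template and helper names are assumed for the demonstration.

```javascript
// Added example: reflected XSS in the "name" parameter and its fix (output encoding).

// Encode the five characters that can change HTML structure or break out of an attribute.
function htmlEscape(s) {
  const map = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" };
  return String(s).replace(/[&<>"']/g, (c) => map[c]);
}

// Pull the "name" query parameter out of the request URL (percent-decoded).
function nameParam(requestUrl) {
  return new URL(requestUrl).searchParams.get("name") || "";
}

// Vulnerable: the raw parameter is concatenated straight into the markup,
// so <script>...</script> in the URL becomes a live script element.
function renderUnsafe(requestUrl) {
  return `<p>Hello ${nameParam(requestUrl)}, thank you for coming to my site</p>`;
}

// Fixed: the parameter is encoded first, so the browser shows the text
// "<script>..." instead of executing it.
function renderSafe(requestUrl) {
  return `<p>Hello ${htmlEscape(nameParam(requestUrl))}, thank you for coming to my site</p>`;
}

// Simple check usable in a test suite: did a script element reach the output?
function containsScriptTag(html) {
  return /<\s*script\b/i.test(html);
}
```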

Tuesday, September 8, 2009

How to load your JavaScript in a website

1. Create two JavaScript files. The first contains just the code necessary to load JavaScript dynamically; the second contains everything else that is necessary for the initial level of interactivity on the page.
2. Include the first JavaScript file with a script tag at the bottom of the page, just inside the .
3. Create a second script tag that calls the function to load the second JavaScript file and contains any additional initialization code.

function loadScript(url, callback) {
    var script = document.createElement("script");
    script.type = "text/javascript";

    if (script.readyState) { // IE: watch readyState, since onload does not fire for scripts
        script.onreadystatechange = function () {
            if (script.readyState == "loaded" ||
                    script.readyState == "complete") {
                script.onreadystatechange = null; // run the callback only once
                callback();
            }
        };
    } else { // Other browsers fire onload after the script has executed
        script.onload = function () {
            callback();
        };
    }

    // Set src last so the load starts only after the handlers are attached.
    script.src = url;
    document.getElementsByTagName("head")[0].appendChild(script);
}

Debugging Ajax Applications with Firebug

Hi Friends,
Aside from CSS, Firebug can also debug JavaScript quite well, all from within the Firefox browser. Here's a quick tutorial on how to make sure your Ajax applications are running smoothly with Firebug.


Saturday, September 5, 2009

See what technologies other sites are using.

Ever wondered what technologies popular sites use for their pages? This tool lets you see the complete configuration of a website.

BuiltWith is a website analysis tool, providing technical analysis and SEO optimization information to further your website's marketing, sales and navigation effectiveness.

Enter a site name in the provided field and click the “Lookup” button, and the technological information about that site will be displayed.

Here is a sample of the technological information for my blog.

Campus2Company - The Idea Coded By Me.

This is the first website launched by me, in which MBA students can find MBA training and materials and all other MBA stuff. I am very happy to launch it. There's loads of other stuff too. Please check it out.

visit our venture:
campus2company.net

Please give your valuable review and suggestions; I would appreciate it.

Thursday, September 3, 2009

Online OS

Today I found a website which is an online operating system that looks like XP.
It is really amazing. I had never seen such a type of online OS before.

If you want to check it out, the URL is below:
http://www.oos.cc/login.html

I also heard that Google will make an online OS based on the Chrome browser.
Really, web 3.0 will change the world!!!