sagar pandit
Greenhorn, member since Nov 03, 2013
Recent posts by sagar pandit

Hello,

I have a query regarding the phishing attacks.

Consider this example:

www.test.com?mylink=_test&mytopic=_phishing

Consider the above URL. Let's say the front user is able to see only www.test.com, and the rest of the parameters can be trapped in the request by the attacker, so the attacker can replace the parameter values and insert any malicious script in them. If I want to avoid redirecting to any malicious script even though the attacker enters anything, how can that be possible through Java?

Thanks
Sagar
5 years ago
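The post above asks how to stop a tampered parameter from redirecting the user somewhere malicious. The usual answer in Java is to never hand the raw parameter to sendRedirect(): resolve it against an allowlist first and fall back to a fixed page on anything else. The code below is an added example written for this page, not code from the thread or from any library; it assumes the mylink parameter is used as a redirect target, and the host names, fallback path and sample inputs are hypothetical. Java 11 or later.

```java
import java.net.URI;
import java.net.URISyntaxException;
import java.util.Set;

// Added example (not from the thread): turn a user-supplied "mylink"
// parameter into a redirect target only if it is a site-relative path or an
// https URL to an allowlisted host. Everything else becomes the fallback
// page, so editing the parameter can never send the user off-site.
public class SafeRedirect {

    // Hypothetical allowlist of hosts this application may redirect to.
    private static final Set<String> ALLOWED_HOSTS = Set.of("www.test.com", "help.test.com");
    private static final String FALLBACK = "/home";

    public static String resolveRedirect(String mylink) {
        if (mylink == null || mylink.isBlank()) return FALLBACK;
        String s = mylink.trim();
        // Reject protocol-relative links ("//evil.example"), backslash tricks
        // and control characters before parsing anything.
        if (s.startsWith("//") || s.contains("\\")
                || s.chars().anyMatch(c -> c < 0x20 || c == 0x7f)) {
            return FALLBACK;
        }
        URI uri;
        try {
            uri = new URI(s);
        } catch (URISyntaxException e) {
            return FALLBACK;               // garbage such as "%Alert(" ends here
        }
        // Case 1: relative reference inside this application (no scheme, no authority).
        if (uri.getScheme() == null && uri.getAuthority() == null) {
            String path = uri.getRawPath();
            return (path != null && path.startsWith("/")) ? s : FALLBACK;
        }
        // Case 2: absolute URL; only https, only allowlisted hosts, no user@ prefix
        // (the "https://www.test.com@evil.example/" trick parses as host evil.example).
        String host = uri.getHost();
        if ("https".equalsIgnoreCase(uri.getScheme()) && host != null
                && uri.getUserInfo() == null
                && ALLOWED_HOSTS.contains(host.toLowerCase())) {
            return s;
        }
        return FALLBACK;
    }

    public static void main(String[] args) {
        // Constructed inputs: what might arrive as ?mylink=...
        String[] samples = {
            "/account/settings",
            "https://help.test.com/faq",
            "https://evil.example/phish",
            "//evil.example/phish",
            "javascript:alert(1)",
            "https://www.test.com@evil.example/",
            "/account/settings?next=//evil.example",
        };
        for (String s : samples) {
            System.out.println(s + "  ->  " + resolveRedirect(s));
        }
    }
}
```

In a servlet the call is then response.sendRedirect(SafeRedirect.resolveRedirect(request.getParameter("mylink"))). The allowlist is the part that matters: there is no way to "encrypt" the parameter so that the browser cannot change it, so the server has to decide for itself which targets are acceptable.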
Hello,

I am trying to implement a simple captcha for my login form.

i.e. after entering the user id/pwd, the user should also enter the captcha and then go to the next page.

First of all, I need to know whether any captcha server is required to implement it, or if not, how this could be implemented (are any specific jars etc. required?).

Thanks
Sagar

Ishan Pandya wrote: As Bear said,

Do some validation on the server side for checking the request parameter (URL parameters, as you say); then if you find something wrong, send the user to an error page.

According to my knowledge there is no such thing which can stop the user from modifying the request parameter or encoding the URL. If you find one, then please tell us here.

Thanks Guys

I have done some validation to replace the invalid strings by white space. The alert does not show now, so there was no need of encrypting it.
6 years ago
JSP

Bear Bibeault wrote: URL encoding has nothing to do with allowing or disallowing what can happen on the server. URL encoding is just the means by which "special characters" such as &, space, and the like are encoded into the URL values.

What you need on the server is authentication and authorization so that users aren't allowed to do anything that they shouldn't be doing.

Thanks for your reply,

But suppose I don't want the user to modify my name-value pair in the URL; what kind of authentication or authorization should I do?

Note that the case is: there is a logon button; when I click on it there is a change in the URL where I get name-value pairs in the URL, and if I change any of the values it still allows me to go to the next page, which is a threat. Also I can't use the POST method, as the client wants those parameters in the URL.

So my query is, suppose the attacker modifies

http://localhost:8080/UrlEncode/UrlEncoderSample.jsp?name=vimal&id=0812573&NIC=vimal basdeo&f=nasha sahdjsa hk As

to something like

http://localhost:8080/UrlEncode/UrlEncoderSample.jsp?name=vimal%Alert("sagar")%&id=0812573&NIC=vimal basdeo&f=nasha sahdjsa hk

can the parameters be encoded so that if such modifications are done he will get an error page or something?

Thanks

6 years ago
JSP
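The post above wants the name/value pairs to stay in the URL but wants any edit to them to land on an error page. Encoding cannot do that, but a message authentication code can: the server appends an HMAC of the parameters when it builds the link and recomputes it when the link comes back. The code below is an added example for this page, not code from the thread or from any library; the key, the parameter set and the sample values are hypothetical, and the payload-handling part (output encoding) is a separate concern that signing does not cover. Java 11 or later.

```java
import javax.crypto.Mac;
import javax.crypto.spec.SecretKeySpec;
import java.net.URLDecoder;
import java.net.URLEncoder;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.util.Map;
import java.util.TreeMap;

// Added example, not code from the thread: the server signs the pairs it puts
// in a URL with HMAC-SHA256 and rejects any query whose signature does not
// match, so a user who edits id=0812573 in the address bar is sent to the
// error page instead of the next screen.
public class SignedQuery {

    // Hypothetical server-side key. Load it from configuration in real code;
    // anyone who knows it can forge links.
    private static final byte[] KEY =
            "0123456789abcdef0123456789abcdef".getBytes(StandardCharsets.UTF_8);

    // Produces "NIC=vimal+basdeo&f=...&id=...&name=...&sig=<hex>" for the given pairs.
    public static String sign(Map<String, String> params) throws Exception {
        if (params.containsKey("sig")) throw new IllegalArgumentException("sig is reserved");
        String canonical = canonical(params);
        return canonical + "&sig=" + hmacHex(canonical);
    }

    // Returns the parameters if the signature is valid, or null so the caller
    // can forward to the error page.
    public static Map<String, String> verify(String query) throws Exception {
        Map<String, String> params = new TreeMap<>();
        String sig = null;
        for (String pair : query.split("&")) {
            int eq = pair.indexOf('=');
            if (eq < 0) return null;
            String k = URLDecoder.decode(pair.substring(0, eq), StandardCharsets.UTF_8);
            String v = URLDecoder.decode(pair.substring(eq + 1), StandardCharsets.UTF_8);
            if (k.equals("sig")) {
                if (sig != null) return null;      // two signatures: reject
                sig = v;
            } else if (params.put(k, v) != null) {
                return null;                       // duplicate name: reject
            }
        }
        if (sig == null) return null;              // unsigned link: reject
        byte[] expected = hmacHex(canonical(params)).getBytes(StandardCharsets.US_ASCII);
        byte[] presented = sig.getBytes(StandardCharsets.US_ASCII);
        // Constant-time comparison; a plain equals() leaks how many bytes matched.
        return MessageDigest.isEqual(expected, presented) ? params : null;
    }

    // Sorted, URL-encoded "k=v&k=v" so the signed bytes do not depend on the
    // order in which the browser sends the parameters.
    private static String canonical(Map<String, String> params) {
        StringBuilder sb = new StringBuilder();
        for (Map.Entry<String, String> e : new TreeMap<>(params).entrySet()) {
            if (sb.length() > 0) sb.append('&');
            sb.append(URLEncoder.encode(e.getKey(), StandardCharsets.UTF_8))
              .append('=')
              .append(URLEncoder.encode(e.getValue(), StandardCharsets.UTF_8));
        }
        return sb.toString();
    }

    private static String hmacHex(String data) throws Exception {
        Mac mac = Mac.getInstance("HmacSHA256");
        mac.init(new SecretKeySpec(KEY, "HmacSHA256"));
        StringBuilder hex = new StringBuilder();
        for (byte b : mac.doFinal(data.getBytes(StandardCharsets.UTF_8))) {
            hex.append(String.format("%02x", b));
        }
        return hex.toString();
    }

    public static void main(String[] args) throws Exception {
        // Constructed: the pairs from the thread, signed when the server builds the link.
        Map<String, String> p = new TreeMap<>();
        p.put("name", "vimal");
        p.put("id", "0812573");
        p.put("NIC", "vimal basdeo");
        p.put("f", "nasha sahdjsa hk");
        String signed = sign(p);
        System.out.println("UrlEncoderSample.jsp?" + signed);

        System.out.println("untouched : " + (verify(signed) != null ? "accepted" : "error page"));
        String tampered = signed.replace("id=0812573", "id=0812574");
        System.out.println("edited id : " + (verify(tampered) != null ? "accepted" : "error page"));
        String unsigned = signed.substring(0, signed.indexOf("&sig="));
        System.out.println("no sig    : " + (verify(unsigned) != null ? "accepted" : "error page"));
    }
}
```

Two caveats a practitioner would add. First, this proves only that the server produced the link; it does not replace the authorization check Bear described, because a user can still replay a link that was legitimately issued to them (add a timestamp or nonce to the signed pairs if that matters). Second, it does nothing for the XSS question: a signed value still has to be HTML-encoded when the JSP writes it into the page.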
Hello,

I have a URL that contains URL parameters in the form of name-value pairs.

But there is a problem: there is an XSS issue with it.

For example, the URL is http://localhost:8080/UrlEncode/UrlEncoderSample.jsp?name=vimal&id=0812573&NIC=vimal basdeo&f=nasha sahdjsa hk

And now if a user inserts any invalid data in any of the name-value pairs, it allows it to execute.

Can anyone please tell me how these URL parameters can be encoded/encrypted through JSP so that the user will not be able to insert anything?

6 years ago
JSP
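The question above (and the later reply that solved it by blanking out "invalid strings") is really about where the script executes: in the page that echoes the parameter. The fix is to validate each parameter against what that field should contain and to HTML-encode the value at the point it is written out, not to search the input for known-bad strings. The code below is an added example for this page, not code from the thread or from any library; the validation rules and the payloads are constructed for illustration.

```java
import java.util.regex.Pattern;

// Added example, not from the thread: (a) validate each URL parameter against
// the shape the field is supposed to have and (b) HTML-encode the value when
// the page writes it out. The blacklist approach from the thread is kept only
// to show what it misses.
public class ParamOutput {

    // (a) Validation. "id" in the thread's URL is numeric, so accept only digits;
    // anything else goes to the error page. The name rule is a hypothetical one.
    private static final Pattern ID   = Pattern.compile("[0-9]{1,12}");
    private static final Pattern NAME = Pattern.compile("[\\p{L} '\\-]{1,64}");

    public static boolean validId(String id)     { return id != null && ID.matcher(id).matches(); }
    public static boolean validName(String name) { return name != null && NAME.matcher(name).matches(); }

    // (b) Output encoding for HTML text and quoted attribute values: the five
    // characters that can change HTML structure become entities, so the browser
    // renders them as text instead of markup. Other contexts (inside a <script>
    // block, a URL, CSS) need their own encoders; this one is only for HTML.
    public static String htmlEncode(String s) {
        if (s == null) return "";
        StringBuilder sb = new StringBuilder(s.length() + 16);
        for (int i = 0; i < s.length(); i++) {
            char c = s.charAt(i);
            switch (c) {
                case '<':  sb.append("&lt;");   break;
                case '>':  sb.append("&gt;");   break;
                case '&':  sb.append("&amp;");  break;
                case '"':  sb.append("&quot;"); break;
                case '\'': sb.append("&#39;");  break;
                default:   sb.append(c);
            }
        }
        return sb.toString();
    }

    // The thread's approach: replace strings that look dangerous with a space.
    // It only knows the payloads its author thought of.
    public static String blacklistStrip(String s) {
        return s.replaceAll("(?i)<script>|</script>|alert", " ");
    }

    public static void main(String[] args) {
        // Constructed payloads for the "name" parameter.
        String[] payloads = {
            "vimal",
            "<script>alert(1)</script>",          // what the blacklist was written for
            "<img src=x onerror=prompt(1)>",      // no <script>, no alert: blacklist passes it
            "\" autofocus onfocus=\"prompt(1)",   // breaks out of a quoted attribute value
        };
        for (String p : payloads) {
            System.out.println("input     : " + p);
            System.out.println("blacklist : <b>" + blacklistStrip(p) + "</b>");
            System.out.println("encoded   : <b>" + htmlEncode(p) + "</b>");
            System.out.println("validName : " + validName(p));
            System.out.println();
        }
    }
}
```

In a JSP the same encoding is what JSTL's c:out does by default, so <c:out value="${param.name}"/> is safe for HTML text while a bare ${param.name} is not. Validation decides whether the request is served or sent to the error page; encoding makes sure that whatever is served cannot run as script. Neither stops the user from typing into the address bar, and nothing can.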