|
1-How to make a sandbox that sandboxing and preventing Malicous Java script at URL address bar with such permissions like never change the title page , never change the images or flash or any other multimedia from outside in the page and never excute a code from outside ?
2-after detecting and preventing through Sandbox , how to take the piece of code which causes the problem from a big malicious script ? e.g. eval() is the responsible for making the problem so i want the program to catch for the 3rd step
3-if for example eval() is the bad function which causes the trouble then how to REPLACE it -mapping- with a safe function? -lets say only a mapping for eval() ,execScript , SetTimeOut , SetTimeInterval
innerHTML , outerHTML document.cookies, location.replace , location.assign , script.src href , src , Iframe -
I red many articles but i didnt find safe mapping for unsafe functions
What are the safe mapping for those unsafe functions or properties??
I red this it was helpful but not complete:
https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Global_Objects/eval[^]
|
|
|
|
|
|
I need to set voucher print c# window form application How i can set that please Help Me.....
|
|
|
|
|
|
Hi guys, I need Basic Basic Silverligt Projects Pls suggest me a link. Thanks in Advance 
|
|
|
|
|
|
|
Hi everyone I hope you all are fine and happy.
I need some help here and i will not forget this favor.
This problem is about protecting the users from Malicious DOM Scripts Attacks that the users may be tricked to execute in his/her Browser.
I will explain What is DOM and What is DOM XSS Attack and if you are already know that you can go to
OK OK What do I need here? to what my plan is and then read My Straight Questions which is the section i want the help from you and I hope you will help me instantly
Now I will explain What DOM and What DOM Based XSS attacks briefly:
First of all (DOM defenition):
DOM is for Document Object Model it is the Tree that any web site or a web application uses , nowadays almost every web site or web application has DOM.
as a great advantage to users , DOM can be used as a good facility for users to access and Manipulate DOM Tree according to user's preferences with a dynamic script language like Java script.
a good example about when a user can modify and manipulate DOM is when user can change the web page's Title or the web page's background color.
The Danger of DOM Based XSS:
DOM Based XSS Attack is when a hacker Modify DOM with a script in a way that a server will never want to , and not according to user's preferences but according to the attackers bad intentions.a hacker or an attacker can trick or persuade the client to run a malicious script to make a DOM attack.
DOM Based XSS Attack is the third type of XSS Vulnerability , sometimes referred as XSS Type 0 Vulnerability which is when the attacker exploits a vulnerable web page to DOM vulnerability and let clients (users) execute and run Malicious DOM scripts at their machines -server never interfere with that- and thus without the wise of clients the server reputation is not good specially if a malicious hackers for example put a bad insults in the title tag to insult the client when visits it because the Malicious DOM Scripts exploits the vulnerabilities of a web page and the Updating and modification of DOM has happened.
OK OK What do I need here?
I need to make a simple tool that prevent DOM based XSS vulnerability which occurs at client side with 4 steps , 3 steps are main steps and the 4th step is optional.
This tool is a windows Application runs at client side.
This tool has a sandbox to prevent the Malicious java script Attacks then take the bad script and extract the tiny point which causes an attack FINALLY it will convert the bad function which causes the attack for example using the dangerous eval() function to a good function and safe function like JSON method. ONLY IF IT POSSIBLE
1-It is a simple browser with its address bar that when a user put a URL ..... a SANDBOX will start and this sandbox will inspect if this URL contains a Malicious Java script (Malicious DOM) then it will detect it and make it stop and never run it in the browser.
I studied and tried the AppDomain class and SecurityManager.GetStandard Method but all of them are for making a sandbox for .exe and Assembly Binary Files I studied Iframe sand Box too and how to sandbox HTML by Iframe and DOM Cheat Sheet in OWASP but i was confused because I don't want to only prevent but instead want to prevent then convert the malicoius scipt to good script the run the good script
2-After the detection of that Malicious DOM it will take that script and take the exact unsafe script point (the unsafe code which refers as unsafe sinks which is the UNSAFE Function) example
3-After taking the exact unsafe DOM code point it will try to convert the unsafe sinks to safe sink for example converting eval() function if causes a malicious script to a good function that may not make trouble if it be used.
4-Contact the server's Web Master to tell him that the server's web page has a vulnerability and tell the developer how to fix these vulnerabilities.
My Straight Questions
1-How to make a sandbox that sandboxing and preventing Malicous Java script at URL address bar with such permissions like never change the title page , never change the images or flash or any other multimedia from outside in the page and never excute a code from outside ?
2-after detecting and preventing through Sandbox , how to take the piece of code which causes the problem from a big malicious script ? e.g. eval() is the responsible for making the problem so i want the program to catch for the 3rd step
3-if for example eval() is the bad function which causes the trouble then how to REPLACE it -mapping- with a safe function? -lets say only a mapping for eval() ,execScript , SetTimeOut , SetTimeInterval
innerHTML , outerHTML document.cookies, location.replace , location.assign , script.src href , src , Iframe -
I red many articles but i didnt find safe mapping for unsafe functions
What are the safe mapping for those unsafe functions or properties??
I red this it was helpful but not complete:
https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Global_Objects/eval[^]
Optional:
4-How to contact with the server site to tell it that it hass a DOM a vulnerability even if we don't have its Web Master email??
5- What are the suggestions for fixing vulnerabilities at the server side??
Notes:
A-Actually I invented this Algorithm to protect clients even if they were tricked to run malicious java scripts what I only need is the help to implement this programmitically , but if you have some other or simpler algorithm than this you are welcomed to tell me about yours or even if modify my algorithm if you see it can make some enhancements.
B-I want this tool to be implemented with C# Language , but if you can make this algorithm and implement it programmitically in ANY OTHER LANGUAGE feel free to post your solution with the language you know well and like
C-one of my principles is to always try and I tried many times in making this and I would never post this but I have really a limited time and something like dead line
I really Really Need help asap
Thank you very much
|
|
|
|
|
To me it sounds like you are in too deep.
I have difficulties seeing a working architecture in your proposed algorithm, but then again I am not a web guru.
The "algorithm" you describe requires incremental development - that is - to investigate, try, get wiser, change and adapt numerous times. It might be a bit too complicated for a single forum post.
You might want to hook up with a programmer that knows about browser code, web and security. Otherwise, it might be a long road for before you can deliver or find out that you can't.
Please notice that this is just a proposed guidance for you based on my perception of your post information. It is by no means meant to be disrespectful.
Kind Regards,
Keld Ølykke
|
|
|
|
|
how to use check box in repeater
how to check box click repeater values send the other page with code behind
plz solve my problem.
|
|
|
|
|
|
I am very familiar with C sharp, but have not ever tried to do anything with Aspx/Silverlight and c sharp, so I'm a totally new to that.
For an exercise, I would like to query the company time entry website (Aspx and Silverlight on the front end), specifically the vacation hours value with a test form in C sharp.
Besides login credentials and the url, what do I need for this and how can I do this? I tried the code below, but it did not do anything.
Thanks for reading.
private void btnTest_Click(object sender, EventArgs e)
{
try
{
WebRequest request = WebRequest.Create (
"https://time.website.com/pa/application.aspx#/TimesheetEntry");
request.Credentials = new System.Net.NetworkCredential("username", "password", "domain");
WebResponse response = request.GetResponse ();
lbxValues.Text += ((HttpWebResponse)response).StatusDescription;
Stream dataStream = response.GetResponseStream ();
StreamReader reader = new StreamReader (dataStream);
string responseFromServer = reader.ReadToEnd ();
lbxValues.Text += (responseFromServer);
reader.Close ();
response.Close ();
}
catch (Exception ex)
{
MessageBox.Show(ex.Message + System.Environment.NewLine + ex.Source + System.Environment.NewLine + ex.TargetSite + System.Environment.NewLine + ex.StackTrace + System.Environment.NewLine + System.Environment.NewLine);
}
}
|
|
|
|
|
Ok, I've found Silverlight spy and can now see the calls the XAP package is making with the dll's inside of it (I believe it uses .net reflector for this), so now the question is, how can I go through the code shown by .net reflector to reverse engineer what it is doing? I found the button and tried starting there, but don't see a function associated with the press of that button?
|
|
|
|
|
Hi,
i am creating a application where i need to input a image and to count the number of red color in image (user will fill the color using red color pen in few boxes. Other parts of image are in black and white except the box)
E.g: Total 10 lines are there in a image
Each line has 3 box
user may fill any 1 of the box with red color
Is there any possibility of getting location (x,y) and count of the red color?
if anybody reply to this would be really helpful to continue the project
|
|
|
|
|
|
You can get the RGB values, but given that, its not easy to detect the actual color.
Brightness and luminosity tend to play a major role.
Plus there is the alpha value as well.
|
|
|
|
|
I wonder if your "bigger picture" goal here is: to determine, for each of the ten "lines," which ones of the boxes are "filled."
To help you achieve this without scanning every single pixel in the image, and doing some complex analysis (the worst case), I think we need to know exactly what you can assume about the image you have to analyze:
1. is the image guaranteed to be "linear:" i.e., there's no distortion, warping, no perspective effect ? is there a significant "noise factor," or variation in overall image brightness, or color-cast ?
2. is the relative position of the boxes which can be filled the same on each instance of the image you need to analyze ?
3. is the relative position of the boxes which can be filled the same from line to line. ?
5. what, exactly, constitutes a "valid fill" ? if there's even one pixel of red inside a box, does that make it "selected" ?
6. is the fill-color value of "red" the same for each image ?
Depending on the degree of regular structure in the images to be analyzed, then you can approach this problem in different ways.
Google CEO, Erich Schmidt: "I keep asking for a product called Serendipity. This product would have access to everything ever written or recorded, know everything the user ever worked on and saved to his or her personal hard drive, and know a whole lot about the user's tastes, friends and predilections." 2004, USA Today interview
|
|
|
|
|
I did a project recently on real-time color detection.
The major issue is how to actually define a color as you see it , not as a computer sees it. for that you need to do some math.
as you currently understand an image, it is a 3d array with RGB values. R G B are actually just three linearly independent vectors used to define any color in the color space (r[0-255]g[0-255]b[0-255]). Think of it as X Y Z coordinates in space. a specific color is just a point in this space. it is nearly impossible to get the same color in real life cases. so rather than matching a point in space , you can make a small volume around that point , lets say r+-5 g+-5 b+-5 and see if the given color falls in the defined space or not.
another approach is to make a new coordinate system with your color as a primary vector. now you again define the whole color range with these new vectors BUT now the higher the value of your required vector tell you that more of your color is present. if the other two orthogonal vectors have components close to 0 than its perfectly your color and you can mark it as ok. This gives you a trivial solution to
BillWoodruff wrote: 6. is the fill-color value of "red" the same for each image ?
and as Bill asked, your problem can have a lot of approaches depending on what you actually want to achive
good luck 
|
|
|
|
|
Be care who you reply to. You didn't reply to the OP, you replied to Bill. The OP will now never get a notification that you posted anything in reply to his post. Bill gets that, and frankly, I think he knows what you just told him.
|
|
|
|
|
Hi
i have a method which takes around 10sec to excute(sometimes more time) and store the data in datatable. i am calling this metod inside a for loop so the process is taking longer time. Please suggest a way to speed up the process.
This method takes a input and generate a datarow and add that row to the global datatable. so there is same datatable which is being used throughout the for loop iterations. Please suggest how can i use thread in this case specially when we don't know how much time the method is going to take.
|
|
|
|
|
You need to identify if it is the building of the row or writing the row to the database that is causing the bottleneck. They require different solutions.
Never underestimate the power of human stupidity
RAH
|
|
|
|
|
No i am creating a datarow.there is no database. i am creating the datatable using that row.
public void GetData(DataTable dtAssetValues)
{
DataRow objdr = dtAssetValues.NewRow();
try { objdr["OSName"] = GetValues(strKey);
dtAssetValues.Rows.Add(objdr)
}
catch { }
}
here in this case the GetValues method has a Thread.Sleep(1000) of 1 sec. so there are 5-6 columns in the datatable for which i am calling this GetValues method to retrieve the column value.
I am calling this GetData method inside a for loop. Hope this helps.
|
|
|
|
|
superselector wrote: he GetValues method has a Thread.Sleep(1000) of 1 sec
You've now got my curiosity - why do you sleep the thread?
Also as a rule it is best not to catch exceptions without handling them - otherwise you may get undesired data/behaviour within the database.
“That which can be asserted without evidence, can be dismissed without evidence.”
― Christopher Hitchens
|
|
|
|
|
Thanks.
Actually in that method, the response from a remote machine takes some time, hence i have added some delay in that method.
|
|
|
|
|
I still don't understand why you need a sleep, since if the response is taking some time the method will hold the thread - so there should be no need for a sleep.
Can you post the method that has the sleep to give me more of an idea of what you are trying to accomplish.
“That which can be asserted without evidence, can be dismissed without evidence.”
― Christopher Hitchens
|
|
|
|
General 
News 
Suggestion 
Question 
Bug 
Answer 
Joke 
Praise 
Rant 
Admin 
Submit an article or tip
