What is a Self-XSS attack?

Recently, hackers attacked Facebook by injecting porn images and videos into users' accounts. Facebook said it was a Self-XSS attack.

Self-XSS is a variant of cross-site scripting (XSS), a web application security vulnerability in which client-side script (JavaScript, VBScript, etc.) is injected into web pages viewed by other users.

The examples below give an overall idea of how client-side script can be injected.

For example, enter the following into the web browser:

javascript:alert('I am XSS');

This will show a pop-up with "I am XSS".

In the same way, a hacker can inject malicious code into the browser to steal confidential data or cookies, redirect to other sites, and so on.

To display the cookie information, execute the code below in the browser:

javascript:alert("Cookies:"+document.cookie+" "+"\n I am XSS");

The code above does nothing more than display the data, but a hacker can inject far more powerful malicious code to destroy the user's information.
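As an added example (not part of the original post), the following JavaScript models two defences that blunt the cookie-reading payload above: cookies flagged HttpOnly are hidden from document.cookie, and a pasted string whose scheme normalises to javascript: is refused as a navigation target. The Set-Cookie values and function names are constructed for this example.

```javascript
// Added example, not from the original post. Models two defences against the
// "javascript:" URL / document.cookie technique shown above: cookies flagged
// HttpOnly never appear in document.cookie, and pasted text that is about to be
// used as a URL is refused when its scheme is "javascript:" (browsers strip
// that prefix from the address bar for the same reason).

// Parse one Set-Cookie header value into name, value and the flags we care about.
function parseSetCookie(header) {
  const [pair, ...attrs] = header.split(";").map((s) => s.trim());
  const eq = pair.indexOf("=");
  const cookie = { name: pair.slice(0, eq), value: pair.slice(eq + 1), httpOnly: false, secure: false };
  for (const attr of attrs) {
    const key = attr.split("=")[0].toLowerCase();
    if (key === "httponly") cookie.httpOnly = true;
    if (key === "secure") cookie.secure = true;
  }
  return cookie;
}

// Simulate what page script sees through document.cookie: every cookie the
// server set except those marked HttpOnly.
function scriptVisibleCookies(setCookieHeaders) {
  return setCookieHeaders
    .map(parseSetCookie)
    .filter((c) => !c.httpOnly)
    .map((c) => `${c.name}=${c.value}`)
    .join("; ");
}

// Accept only http(s) targets. The WHATWG URL parser strips ASCII tabs and
// newlines and lower-cases the scheme, so "JAVA\tSCRIPT:" still normalises to
// "javascript:" and is refused; relative paths resolve against the base.
function isSafeNavigationTarget(text) {
  let url;
  try {
    url = new URL(text, "https://example.invalid/");
  } catch {
    return false;
  }
  return url.protocol === "https:" || url.protocol === "http:";
}

// Constructed Set-Cookie headers from a hypothetical login response.
const SAMPLE_HEADERS = [
  "session=abc123; Path=/; Secure; HttpOnly; SameSite=Lax",
  "theme=dark; Path=/",
];
```

With these headers, scriptVisibleCookies(SAMPLE_HEADERS) yields only "theme=dark", so the session cookie is out of reach of any script the user is tricked into pasting.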

Download PDFs:

1) A Study of Malicious Attacks on Facebook

2) http://www.blackhat.com/presentations/bh-usa-06/BH-US-06-Hoffman.pdf

3) Cross-Site Scripting XSS

4) http://sun.cs.ucdavis.edu/papers/esorics09_xssworm.pdf

ViewVC or ViewCVS

It was originally called ViewCVS but was renamed ViewVC. This open source tool provides a browser interface for viewing the contents of SVN and CVS repositories.
It generates HTML to present directory listings, revisions and logs. ViewVC is written in Python, and its parameters can be modified directly in the URL through a REST-style interface.

Some of the additional features of ViewVC:

Support for filesystem-accessible CVS and Subversion repositories.
Support for path-based authorization, including parsing and honoring Subversion authz configuration files.
RSS feed generation for tracking changes to repositories or individual items within repositories.
Individually configurable virtual host support.
Line-based annotation/blame display.
Revision graph capabilities (via integration with CvsGraph) (CVS only).
Syntax highlighting support.
Bonsai-like repository query facilities.
Template-driven output generation.
Colorized, side-by-side differences.
Tarball generation (by tag/branch for CVS, by revision for Subversion).
Localization support based on the Accept-Language request header.
Ability to run either as CGI script or as a standalone server.
Regexp-based file searching.
INI-like configuration file (as opposed to requiring actual code tweaks).

Authentication and authorization can be configured for repositories accessed through ViewVC.
The question, then, is how to restrict individual users to their own CVS or SVN repositories.

The URLs below give some ideas:

http://www.viewvc.org/faq.html#authz-support

http://svn-access-mana.sourceforge.net/#inst_web_viewvc

Download PDFs:

1) http://svnbook.red-bean.com/en/1.5/svn-book.pdf

2) http://micro.stanford.edu/mediawiki/images/0/04/Howto_istall_SVN_Fedora.pdf

3) http://www.docbook.org/docs/howto/howto.pdf

4) http://www.shrubbery.net/rancid/RhysEvans_overview_0.3.pdf

5) http://micro.stanford.edu/mediawiki/images/9/9b/Howto_istall_SVN_CentOS.pdf

6) http://wsmoak.net/subversion/demo/viewvc.html

7) http://en.wikipedia.org/wiki/ViewVC