<form action="" method="post">
<input type="text" name="k"> <br>
<input type="password" name="p"> <br>
<input type="submit" value="gonder"> <br>
</form>
This code has xpath injection and the xml database of this code is:
<?xml version="1.0" encoding="UTF-8"?>
<kullanicilar>
<kullanici>
<id>1</id>
<kAdi>yetkili</kAdi>
<parola>1999yetkili!</parola>
<bilgi>merhaba dunya</bilgi>
How can I do xpath injection in this code?
I read other topics but it didn't work or I didn't understand.
I'm waiting for ur help
Related
I am working on a spring boot application and trying to convert jsp to thymeleaf. I am stuck converting the following jsp code to thymeleaf: I do not know how to convert the <c:import> part.
<c:forEach items="${requestScope.users}" var="user" varStatus="status">
<div <c:if test="${!status.last}"></c:if>>
<c:import url="/user/checkUser">
<c:param name="username" value="${user.username}" />
<c:param name="firstName" value="${user.firstName}" />
<c:param name="lastName" value="${user.lastName}" />
</c:import>
</div>
</c:forEach>
There is no direct replacement in Thymeleaf. The best way is to create a fragement that has the HTML that lives at the /user/checkUser URL.
For instance, create src/main/resources/templates/fragments.html:
<div th:fragment="show-user-info(username, firstName, lastName)">
<div th:text="${username}"></div>
<div th:text="${firstName}"></div>
<div th:text="${lastName}"></div>
</div>
Now, you can use the fragment:
<div th:each="user : ${users}">
<th:block th:if="${!status.last}">
<div th:replace="fragments :: show-user-info(${user.username},${user.firstName},${user.lastName})"></div>
</th:block>
</div>
I am using Google Custom Search box with below code
<div class="cse">
<form action="http://www.google.com/cse" id="cse-search-box">
<div>
<input type="hidden" name="cx" value="xxxxxxxxxx" />
<input type="hidden" name="ie" value="UTF-8" />
<input type="text" name="q" size="30" />
<input type="submit" name="sa" value="Search" />
</div>
</form>
<script type="text/javascript" src="http://www.google.com/cse/brand?form=cse-search-box&lang=en"></script></td></p>
</div>
However as now going to shift all pages to https - has to replace the code
<div class="cse">
<form action="https://cse.google.com/cse" id="cse-search-box">
<div>
<input type="hidden" name="cx" value="xxxxxxxxxx" />
<input type="hidden" name="ie" value="UTF-8" />
<input type="text" name="q" size="30" />
<input type="submit" name="sa" value="Search" />
</div>
</form>
<script type="text/javascript" src="https://cse.google.com/cse.js?cx=' + cx/brand?form=cse-search-box&lang=en"></script></td></p>
</div>
Can anyone help and assist if the above modified code is correct
That seems like it should work, but you should consider switching to the Custom Search Element --- It's the modern, supported way to use Google Custom Search
I'm doing a project to launch yodlee fastlink. I was able to get the token and userSession and trying the below codes. I'm only getting "Cannot POST resource". I'm trying to find a more detailed/simpler documentation. Any help would be appreciated.
<form action="https://node.developer.yodlee.com/authenticate/restserver" method="post" name="rsessionPost" id="rsessionPost" target="yodleeIframe">
<input style="visibility: hidden" type="text" name="rsession" placeholder="rsession" value="08312016_0:149676f79ace306255a2c7827f9db590ccabd7350ad5d952f31fc503675bba9ec522728c213a9e5c3e98bd8ceff795c88f9a6f80040a68ce325ae54759f6e504" id="rsession" /><br />
<input style="visibility: hidden" type="text" name="app" placeholder="FinappId" value="10003600" id="finappId" /><br />
<input style="visibility: hidden" type="text" name="redirectReq" placeholder="true/false" value="true" /><br />
<input style="visibility: hidden" type="text" name="token" placeholder="token" value="e59f51a169f52925cd715a945630686e59667d2d1fae511fd50b4e292a8e7342" id="token" /><br />
<input type="submit" name="submit" />
</form>
It seems like there is a forward slash '/' missing at the end of the URL.
Please put it there and submit the form you should be able to access Fastlink.
"https://node.developer.yodlee.com/authenticate/restserver/"
How do I add the spring security login form to an existing page?
For example, let's say I have the following test.jsp page (which is not a spring login form page):
<html>
<head>Existing Page</head>
<body>
<div id="login-form"></div>
</body>
</html>
I would like to add the login form configured in my spring-security.xml inside the login-form div.
Typically I believe people just put the form right in the page (i.e. within the div you have there.) Something like:
<form id="blah" action="/j_spring_security_check">
<input type="text" name="j_username" />
<input type="text" name="j_password" />
<input type="submit" name="submit" value="login" />
<input type="reset" name="reset" />
</form>
Then use your css to make it fit the look and feel of the rest of your application.
Hello everyone I have added a search engine on my project but when I click the search button some characters are going crazy like ş seems ÅŸ. After that I have added the code as you can see below at Shared cshtml ;
<meta http-equiv="Content-Type" content="text/html;charset=UTF-8">
Finally I have added this to webconfig file
<system.web>
<globalization culture="tr-TR" uiCulture="tr-TR" fileEncoding="utf-8"
responseEncoding="utf-8" requestEncoding="utf-8" />
But nothing was changed. Could you help me please ?
Here is my search code
<form method="get" action="http://www.google.com.tr/custom" target="google_window">
<input type="hidden" name="domains" value="www.maltepe.bel.tr"></input>
<label for="sbi" style="display: none"></label>
<input type="text" name="q" style="height:14px;width:167px" value="" id="sbi"></input>
<button type="submit" name="sa" value="Arama" id="sbb"></button>
<input type="hidden" name="sitesearch" value="www.maltepe.bel.tr" id="ss1"></input>
<input type="hidden" name="client" value="pub-2231511596197409"></input>
<input type="hidden" name="forid" value="1"></input>
<input type="hidden" name="channel" value="1809328852"></input>
<input type="hidden" name="ie" value="ISO-8859-9"></input>
<input type="hidden" name="oe" value="ISO-8859-9"></input>
<input type="hidden" name="cof" value="GALT:#E9382F;GL:1;DIV:#CCCCCC;VLC:7E3939;AH:center;BGC:FFFFFF;LBGC:FF3333;ALC:E9382F;LC:E9382F;T:000000;GFNT:7E3939;GIMP:7E3939;FORID:1"></input>
<input type="hidden" name="hl" value="tr"></input>
</form>
Try to change ie and oe value to "UTF-8" see if it is ok.