Phishing schemes are about to get a whole lot easier. Targeted attacks are much more likely to work now than ever before. Cookies stored on your computer can be retrieved by bad guys half a world away. Even big search engine companies like Google and Yahoo are shaking in their boots. What happened? The bad guys have discovered Cross-Site Scripting (XSS) and the Internet has suddenly become a lot
A common home user may not be aware of or familiar with the Windows Command Line, but power users and systems administrators just cannot do without it. There are two basic features involving a command line. One is the entry "Run" (or "Start Search" in Vista) that is in the Start menu and the other is the command prompt window. . .
Now available in local stores near you… I’m kinda 3 days off, but just today took the time to take a look on the feeds I follow, and came across this interesting article back at F-Secure’s blog -> Internet Explorer 6 Cross-Domain Scripting Vulnerability… I bet some of you will find it very useful… Anyway [...]
The Indian Institute of Management, Ahmedabad (IIM-A) on Sunday released a book scripting stories of 25 of its alumni who chose the less trodden path to make their mark as successful entrepreneurs.
The book — “Stay Hungry, Stay Foolish” — written by Rashmi Bansal, herself an alumnus of IIM-A, describes how 25 alumni of the premier [...]
JavaScript is one of the most important technologies on the web. It provides the means to add dynamic functionality to your web pages and serves as the backbone of Ajax-style web development. Beginning JavaScript with DOM Scripting and Ajax is an essential guide for modern JavaScript programming; it's practical but comprehensive. It covers everything you need to know to get up to speed with JavaScr
Mastering Unix Shell Scripting: Bash, Bourne, and Korn Shell Scripting for Programmers, System Administrators, and UNIX Gurus (Paperback) By Randal K. Michael
By Christian Heilmann "Beginning JavaScript with DOM Scripting and Ajax"
ISBN: 9781590596807 | Publisher: Apress | English | 512 pages | PDF | Wed Jun 14 2006 | 9 MB
JavaScript is one of the most important technologies on the web. It provides the means to add dynamic functionality to your web pages and serves as the backbone of Ajax-style web development. Beginning JavaScript with DOM Scri
McAfee, Symantec and VeriSign plagued by XSS flaws
Security researchers have identified cross-site scripting (XSS) issues on the websites of three IT security heavyweights. Coding flaws on the websites of McAfee, Symantec and VeriSign create a possible mechanism for hackers to launch phishing or malware attacks, according to security watchdog XSSed.…
Description: This is not a program, it is information on how to program your own scripts for Messenger Plus! Live. Now that Patchou has updated the version for Windows Live Messenger, we have a version of this document on scripting. We will be able to extend the possibilities of Messenger as far as the imagination takes us. The documentation is in English and poss
These are some useful links for VBScript programmers, which will help you a lot in learning WSH & VBScript or even developing real projects using VBScript, JScript, Dictionary Object, File System Object (FSO), encoder etc. I personally prefer CHM format since it is portable and by default able to run in basic windows installation, and [...]
Author: Ed Wilson
Publisher: Microsoft Press
Date: February 5, 2008
Pages: 687
PDF | 30.7 MB
Description: Get practical guidance for using Windows PowerShell to manage Windows Vista and Windows Server 2008. Written by Ed Wilson, a leading scripting expert and trainer at Microsoft, this reference offers a task-based approach to help you find the information you need for day-to-day tasks. It offers
Last weekend, Finnish researcher Harry Sintonen identified a cross-site scripting vulnerability on the well-known online payment site PayPal that could be exploited by attackers to insert malicious content into the service's pages in order to steal users' credentials. The image shows a message "injected" into the PayPal site. According to Sint
A serious scripting bug has been discovered in PayPal that would allow attackers to create convincing spoof pages (copies) to steal users' authentication credentials.
The cross-site scripting (XSS) bug is all the more critical because it resides on a page that is used to extend the validation of secure certificates. The new, and vainly [...]
Beginning Portable Shell Scripting: From Novice to Professional (Beginning: from Novice to Professional) (Paperback) By Peter Seebach
IOActive, a security research firm, reports that Earthlink and several ISPs are using advertising servers to collect revenue on misspelled URLs, but alleges that in so doing, they may have mistakenly exposed users to cross-site scripting.
Dan Kaminsky, the group’s director of penetration testing, reported that a bug on Earthlink servers may have allowed hackers to launch phishing [...]
The majority of viruses recently have been email-based. They are often written in VBScript, which is a scripting language used to automate tasks without user intervention (or perhaps, one even knowing the script is running). Microsoft built the Windows Scripting Host (WSH) as an application to run VBScript programs. It ships as an integral part of Windows 2000 and Windows XP. WSH is also included when one downloads Internet Explorer 5. WSH can be used to get access to the Windows command shell, file system, and registry. Lots of people know VBScript. Its complexity is low, at least, the complexity to write virus code.
To find out if the Windows Scripting Host is enabled on your PC:
* Click Start | Run | cmd
* Type wscript in the command shell
If it's enabled, the Windows Script Host Setting
Security researchers have found a security flaw in Google spreadsheets that allows cookie theft. The cross-site scripting (XSS) vulnerability enables attackers to use the stolen cookies as a way to access any Google service a user has registered, including accessing [...]
Taking the biscuit
Security researchers have unpicked a flaw in Google spreadsheets that allows cookie stealing. The cross-site scripting vulnerability enables attackers to use stolen cookies to access any Google service a user has registered, including accessing a victim’s Google mail account.…
Scripting languages are a type of programming language that controls a specific software application. One example is JavaScript, that controls slight behaviour of a Web browser. For example, JavaScript in a particular fashion is an event-driven scripting language, so in this way, upon an event taking place, JavaScript “springs into action”. One JavaScript code could [...]
"Scripting language" has two apparently different, but in fact similar meanings. In a traditional sense, scripting languages are designed to automate frequently used tasks that usually involve calling or passing commands to external programs. Many complex application programs allow users to implement custom functions by providing them with built-in languages. Those which are of interpretive type, are often called scripting languages. More recently many of these applications have chosen to "build in" traditional scripting languages, such as Perl or Visual Basic, but there are quite a few "native" scripting languages still in use. Many scripting languages are compiled to bytecode and then this (usually) platform independent bytecode is run through a virtual machine (compare to Java). awk Ap
There's a small back story to this entry. I've been working with an open source content management system for my company Magicomm and it eventually came time when we decided we were going to start our own blog. My goal was to use the preexisting framework of the CMS to smoothly integrate the blogging software into the back end of the system. It turns out this was the easy part.... So now the goal of this entry. When it came time to output the data into your common blog format I found that there were some small things that helped my blog get indexed by popular blog directories as well as other assorted social media aggregations. So ultimately I'm assuming you understand the general format and benefits of a blog. You've got your title, author, timestamp, and a post of some sort. Other optional
"Shell Curses" is a library of script functions that provide the shell programmer the ability to perform text-based cursor movements to specified locations on the screen. This ability permits the creation of menuing and data-entry systems using shell scripts without the need for compiled binaries. These functions are similar to the "C" language "Curses" library.
Who says you have to use Perl to shell script? Jayesh definitely doesn't, and in this article he will show you how to shell script with PHP instead! I know that you all want to get rid of Perl Scripts because of their complexity and the fact that Perl is not an easy language to learn. With the introduction of PHP version 4.2, PHP has started supporting a new SAPI (Server Application Programming Interface) called CLI (Command Line Interface). This facility was introduced to help developers create small shell applications (scripts) with PHP, meaning that you can kiss Perl goodbye forever! The CLI SAPI was released for the first time with PHP 4.2.0, but was still experimental back then and had to be explicitly enabled with --enable-cli when running ./configure. With PHP 4.3.0, the CLI SAPI will
The other day I found a way to script multiple objects using the "Object Explorer Detail" tab in Management Studio. To be honest, I never thought that this tab was useful. All you have to do is select the type object you want to script in the object explorer and do a multiple selection in the Object Explorer Detail window. Look at the example below: Hope this helps, Eric
When the software is downloaded from a single file is fetched, WSH.EXE. Switches for WSH.EXE are:
/Q - Quiet Mode
/T:<full path> - Specifies temporary working folder
/C - Extract files only to the folder when used also with /T
/C:<CMD> - Override Install Command defined by author
To install perform the following:
Start WSH.EXE either by running or clicking in Explorer
Click Yes to the installation confirmation
Click Yes to the license agreement
Click OK to the install success message.
If you wanted to install as part of a logon script or the like you would use
C:\> wsh /q
Which then asks no questions and gives no confirmations. You could check to see if WSH is installed and only install if not found, e.g. if not exist %systemroot%\system32\w
The Windows Scripting Host (WSH) is a tool that will allow you to run Visual Basic Scripting Edition and JScript within the base Operating System, either on Windows 95 or Windows NT 4.0. Using the scripting languages you already know you can now write script to automate common tasks, and to create powerful macros and logon scripts. Windows NT 5.0 natively supports the Windows Scripting Host.
The major reason canned scripts fail is that they contain only words, a Text. To bring a script to life we need to orchestrate Three T’s: our Text, Tone and Timing. When you ask someone to write a script for you, make sure he includes a great tone guide, as well, advises this [...]
Recently, a Cross Site Scripting security flaw was discovered in a development version of Bilboblog (which was never released, so nobody is affected). I therefore took this opportunity to look into how these flaws work and the existing solutions for countering them effectively.
eBOOK Details
Publisher Apress
Release Date April 16, 2007
ISBN 1590598164
eBOOK Description
Practical JavaScript, DOM, and Ajax Projects is ideal for web developers already experienced in JavaScript who want to take their knowledge to the next level. It presents ten complete example projects for you to learn from and adapt for use in your own work.
The book starts with a quick recap of
Cross Site Scripting was one of the major security threats faced by internet users. This security vulnerability may be exploited to allow code injection by malicious web users into the web pages viewed by other users.
Now Firefox users can stay safe as this vulnerability has been fixed in the latest release of the Firefox web browser. There are a couple of other security fixes that are made in
michal gabrukiewicz, the author of webdevbros.net, continues his efforts in developing an ajax class for classic asp scripting; he has released the new version of ajaxed. here are the new features of ajaxed 0.3:
now working with prototype 1.6
working with new version of JSON utility class 1.4 (JSON class for classic asp)
loading indicator bug fixed. on the prior version it used to disappear if page scroll
loading indicator now with no styles defined. so we should define our own style in the css class “ajaxLoadingIndicator”
more tests have been added also for recordsets (thanks michal, i asked you about this before :))
AJAXED_DBCONNECTION now defined in the config
since the first release on July 2nd 2007 ajaxed has become a buzz word for classic asp fans (at least i realize that am not the only one who are not yet jumping out to .NET) and on the next version (ajaxed 0.2) michal has added a lot of cool functionality on it such as: Database class, stringOperations class and put
The fast, practical Oracle 9i/10g automation reference for every DBA!
Automate Oracle—and save your time for more important tasks! This is the Oracle automation reference every working Oracle DBA needs…concise, straightforward, and incredibly easy to use. Discover proven solutions for automating installation, database creation, management, monitoring, tuning, backup/recovery, and more. Keep this book by your desk, near your server…wherever you need fast, reliable automation solutions right now!
What are cross-site scripting (XSS) attacks?
Cross-site scripting attacks are attacks that target the end user instead of your actual site. Vulnerable web applications that don't properly check or validate incoming data allow arbitrary code (such as JavaScript) to run on a client computer. The end result can be anything from stealing cookie data or redirecting to a different site, to embedding a browser exploit on a page: anything that can be done with JavaScript (a lot!).
Example:
Let us suppose that there is a comment form on Michael's website, in a section like a photo gallery or an article. He created a feature that lets his viewers comment on his photos or articles by submitting a form, and he does not have much validation in this comment form.
Now Sam (an intruder) visits Michael's website; he's jealous of Michael's website traffic and wants to steal some of it. He can then insert the following code into the comment form:
Hi Michael, very gud job, keep it up! <
eBOOK Details
Publisher Addison-Wesley
Release Date August 19, 2007
ISBN 0321321936
eBOOK Description
Using the Java platform’s new scripting support, you can improve efficiency, streamline your development processes, and solve problems ranging from prototyping to Web application programming. In Scripting in Java, Dejan Bosanac covers key aspects of scripting with Java, from the exciting
Description:
A security issue has been reported in Mozilla Firefox, which can be exploited by malicious people to conduct cross-site scripting attacks.
The problem is that the “jar:” protocol handler does not validate the MIME type of the contents of an archive, which are then executed in the context of the site hosting the archive. This can be exploited to conduct cross-site scripting attacks on sites that allow a user to upload certain files (e.g. .zip, .png, .doc, .odt, .txt).
A Bourne Shell Programming/Scripting Tutorial for learning about using the Unix shell. Learn Linux / Unix shell scripting by example along with the theory. We'll have you mastering Unix shell scripting in no time.
---
Scripting is very important when administering Linux servers; it will automate most of your repetitive work. This tutorial is very helpful to those who are starting to learn scripting, just like me.
In my previous article, "How to record a file saving, performed by user from browser page?", I showed that user's activities are not recorded by LoadRunner. This is a rule! LoadRunner records file transferring from server and does not record file saving.
What to do, if you have to save transferred file to local disk? Continue reading, and you will get the solution :)
So, let's start. You can download file from a server with the web_url function. See an example:
Image downloading:
web_url("logo.gif", "URL=", "Resource=1", "RecContentType=image/gif", "Snapshot=t1.inf", LAST);
This code downloads Google's logo image:
To save this image as file to local disk, we have to perform these ste
A new chapter from Scripting Quicktest Professional - Error Handling!
In this chapter we cover the world of error handling in QTP and VBScript. We explore the concept of error handling from a code-design point of view, and clarify the governing concepts for doing it properly. Other than the conceptual overview, the chapter demonstrates the specifics of error handling in both QTP and VBScript.
It runs through working with the different recovery scenarios and dealing with the Err object, and how you can combine them both to make your script more robust and complete.
A must episode for anyone who needs to rely on his scripts and their results!
So go right ahead and get the chapter!
A new chapter from Scripting Quicktest Professional is available - Working with SVG!
This chapter deals with a very specific niche technology - SVG - Scalable Vector Graphics. It’s an XML markup language for describing two - dimensional vector graphics, both static and animated, and either declarative or scripted. It is an open standard created by the World Wide Web Consortium.
This chapter can be crucial for those of you who deal with this technology and its different implementations. It shows how to process the information, recognize the relevant objects, and perform common tasks, all with extensive source code examples and demonstrations.
So go right ahead and get the new chapter!
A new chapter from Scripting Quicktest Professional is upon us - Accessing PDFs.
In this chapter Dani manages what I thought was impossible - automating PDF operations and validations in a robust and maintainable way! Dani takes us through the PDF run-time object model and shows how to use the different properties and methods to perform pretty much anything you can imagine.
To make things clearer and more understandable, Dani expands the syntax examples to full blown code snippets that achieve real-world functionality, providing both cut-and-paste value, as well as excellent self-learning reference.
If your application has any connection to PDFs, I STRONGLY advise reading this chapter. Actually, I advise it regardless of your AUT, it's just too good to skip.
So go right ahead and get the chapter!
Enjoy.
Presenting a new chapter from Scripting Quicktest Professional - Win32 API.
In this chapter we explore dozens of Windows functions and extensions which could make our scripts ever so richer and more powerful. These functions and extensions could be linked to your script via the Extern.Declare method, and be used in various ways in your script from then on (somewhat like DotNetFactory).
As always the chapter is filled with detailed examples as to the syntax and demo uses of Extern.Declare.
So go right ahead and get the chapter!
A new chapter from Scripting Quicktest Professional is available - Using DotNetFactory!
In this chapter, we examine what I think is the biggest unspoken killer-feature of QTP - DotNetFactory.
DotNetFactory allows you to create instances of .Net classes within your QTP script, and use them to your liking. I've previously discussed some of the uses of DotNetFactory, but in this chapter, Dani takes things much further.
The chapter shows, step by step, the advantages of using DotNetFactory via two main examples. It takes you through detailed code-walkthroughs and shows you just how simple life could be when using the .Net world. As always, the examples are crystal-clear, and the code walkthroughs are extremely detailed, including screen shots and footnotes.
So go right ahead and download the full chapter!
Enjoy :)
A new chapter from Scripting Quicktest Professional is now available : Working with Shell32.
In this chapter, we explore windows Shell32 interfaces and objects, which allow us to access special folders and functions, and execute basic user network tasks.
As we’ll see, we can easily mimic basic user actions with the Shell32 object, without dealing with QTP’s problematic abilities to operate windows screens and submenus.
Enjoy :)
Web 2.0 has enabled a broad array of Websites to be more engaging for users. It has also enabled a new and now very common attack, namely cross site scripting, commonly referred to as XSS attacks.
Mozilla is aiming to put an end to XSS attacks in its upcoming Firefox 3 browser. The Alpha 7 development release includes support for a new W3C working draft specification that is intended to secure XML over HTTP requests (often referred to as XHR), which are often the culprit when it comes to XSS attacks. XHR is the backbone of Web 2.0, enabling a more dynamic web experience with remote data.
Arsene in the post match conference talked about how such a late victory could change our season. I really hope it does since we looked pretty ordinary out there against Fulham.
I have seen many matches when Arsenal keep shooting and don’t score. But there was one thing unique to this match. Fulham was creating chances at will, especially in the second half and hence, we never held the high line in defence that we generally manage to hold just some yards of the half line. There were many instances that the attacks by Fulham, which were essentially on the break, were keeping us close to our D. This is what frightens me the most. And I for one do not think it is a coincidence that goalkeepers come up with ‘great’ performances against us. If you look at our chances and see the number of shots towards the near post it is astounding. At this level, I don’t think we can expect keepers to be beaten at their near post. (Exception- Almunia, especially when he is
A new chapter from Scripting Quicktest Professional is now available : WSH - Windows Script Host.
In this chapter, we dive into the depths of the windows host mechanism. We’ll learn how to use windows script objects to manage the computer, pop-up messages to the user, and even run scripts on remote machines.
The chapter is quite advanced, but it can open a world of possibilities you never thought of.
Happy reading! :)
Today Nenest Scripting functionality is released to public. This feature allows users to do some scripting. Some users ask us why not just allow javascript in their form, the answer is security. With general javascript, it's hard to make the form safe and secure. Here is Nenest Script Language manual page: is a demo form which uses scripts:
Cross Site Scripting Attacks starts by defining the terms and laying out the ground work. It assumes that the reader is familiar with basic web programming (HTML) and JavaScript. First it discusses the concepts, methodology, and technology that makes XSS a valid concern. It then moves into the various types of XSS attacks, how they are implemented, used, and abused. After XSS is thoroughly explored, the next part provides examples of XSS malware and demonstrates real cases where XSS is a dangerous risk that exposes internet users to remote access, sensitive data theft, and monetary losses. Finally, the book closes by examining the ways developers can avoid XSS vulnerabilities in their web applications, and how users can avoid becoming a victim. The audience is web developers, security practitioners, and managers.
*XSS Vulnerabilities exist in 8 out of 10 Web sites
*The authors of this book are the undisputed industry leading authorities
*Contains independent, bleeding edge research, c
And once again a useful utility [1] along with a script collection [2] for the stressed
IT worker ... ;-)
"... AutoHotkey unleashes the full potential of your keyboard, joystick, and mouse.
For example, in addition to the typical Control, Alt, and Shift modifiers, you can
use the Windows key and the Capslock key as modifiers. In fact, you can make any key
or mouse button act as a modifier..."
[1] http://www.autohotkey.com/
[2] http://www.donationcoder.com/Software/Skrommel/
Dimitri Popov shows how to use OpenOffice.org and a little known tool JODConverter to do document conversion in batch format. Dimitri shows how to start the relevant processes and how to define the input and output formats.
His one page article comes in handy when you want to convert a large number of documents into a new format, let's say some spreadsheets into PDF.
My favorite April’s fool prank so far is a combination of two cross site scripting attacks on Cisco’s web site and Maria Sharapova’s site to announce that she has passed the Cisco certification test and will now become a security engineer. It’s a neatly done attack (just a small noticeable error on the [...]
Book Description
JavaScript is one of the most important technologies on the web. It provides the means to add dynamic functionality to your web pages and serves as the backbone of Ajax-style web development. Beginning JavaScript with DOM Scripting and Ajax is an essential guide for modern JavaScript programming; it's practical but comprehensive. It covers everything you need to know to get up