Wednesday, April 20, 2016

Read an XML file using a LINQ query

Xml file: DomainList.xml

<?xml version="1.0" encoding="utf-8"?>
<DomainList>
  <DomainName name="https://google.com"/>
  <DomainName name="https://gmail.com"/>
  <DomainName name="fonts.googleapis.com"/>
  <DomainName name="fonts.gstatic.com"/>
</DomainList>

C# code: the code below checks whether the redirect URL's host is listed in the XML file

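    Uri sReturnUrl = new Uri(ReturnUrl);
    XElement main = XElement.Load(HttpContext.Current.Server.MapPath("~/ExcelTemplates/DomainList.xml"));

    // Entries are stored with or without a scheme, so reduce each one to its host
    // and compare it to the redirect host exactly. A substring test would also
    // accept any host that is only a fragment of an entry.
    var query = (from param in main.Descendants("DomainName")
                 let name = (string)param.Attribute("name")
                 let host = name.Contains("://") ? new Uri(name).Host : name
                 where string.Equals(host, sReturnUrl.Host, StringComparison.OrdinalIgnoreCase)
                 select new
                 {
                     code = name
                 }).FirstOrDefault();

    // query is null when the redirect host is not in the list.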
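
The following console program is an added example, not code from the original post. It runs a substring test and an exact host comparison over the same DomainList.xml entries; the class and method names and the sample return URLs are constructed for the illustration.

```csharp
using System;
using System.Linq;
using System.Xml.Linq;

static class RedirectAllowList
{
    // Constructed copy of DomainList.xml from the post, embedded so the example runs offline.
    const string Xml = @"<DomainList>
  <DomainName name=""https://google.com""/>
  <DomainName name=""https://gmail.com""/>
  <DomainName name=""fonts.googleapis.com""/>
  <DomainName name=""fonts.gstatic.com""/>
</DomainList>";

    // Entries appear with and without a scheme; reduce each one to a bare host.
    static string HostOf(string entry) =>
        entry.Contains("://") ? new Uri(entry).Host : entry.Trim().ToLowerInvariant();

    // Substring test: passes whenever the host is a fragment of some entry.
    static bool SubstringCheck(XElement list, Uri target) =>
        list.Descendants("DomainName")
            .Any(d => ((string)d.Attribute("name")).Contains(target.Host));

    // Exact test: an absolute http(s) URL whose host equals the host of an entry.
    static bool ExactCheck(XElement list, string returnUrl) =>
        Uri.TryCreate(returnUrl, UriKind.Absolute, out var target)
        && (target.Scheme == Uri.UriSchemeHttps || target.Scheme == Uri.UriSchemeHttp)
        && list.Descendants("DomainName")
               .Select(d => HostOf((string)d.Attribute("name")))
               .Any(h => string.Equals(h, target.Host, StringComparison.OrdinalIgnoreCase));

    static void Main()
    {
        var list = XElement.Parse(Xml);
        // Constructed return URLs: two listed hosts, then two hosts that are only fragments of an entry.
        string[] samples = { "https://google.com/home", "https://fonts.gstatic.com/s/a.woff",
                             "https://mail.com/login", "https://gle.com/" };
        foreach (var s in samples)
            Console.WriteLine($"{s,-40} substring={SubstringCheck(list, new Uri(s))} exact={ExactCheck(list, s)}");
    }
}
```

Both checks accept the two listed hosts; for the two fragment hosts only the substring test returns True, which is why the redirect check has to compare whole hosts.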

Validate the page URL against a reflected XSS attack

Url:
https://test.com/Support/Employee/AllItems.aspx/?--%3E%3C/script%3E%3Cscript%3Ealert(235213)%3C/script%3E

With the above URL, the page shows an alert by default.
Solution for this:
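<script type="text/javascript">
    // Reload the page without its query string when the URL contains one of these tag names.
    var pageUrl = window.location.href;
    var cleanUrl = pageUrl.split("?")[0];
    var lowerUrl = pageUrl.toLowerCase(); // compare case-insensitively
    var htmlTags = ["script", "style", "img", "font"];
    for (var i = 0; i < htmlTags.length; i++) {
        // Redirect only if that changes the URL, otherwise the page would reload forever.
        if (lowerUrl.indexOf(htmlTags[i]) > -1 && cleanUrl !== pageUrl) {
            window.location.href = cleanUrl;
            break;
        }
    }
</script>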

The above code removes the alert.