Thursday, 10 November 2022

get Tiny URL

 public static string getTinyURL(string url_)

    {

        string retVal = "";

        try

        {


            HttpWebRequest request = (HttpWebRequest)WebRequest.Create("http://tinyurl.com/api-create.php?url=" + url_);

            if (HttpContext.Current.Request.Url.Authority.Trim().ToLower().Contains("".Trim().ToLower()) || HttpContext.Current.Request.Url.Authority.Trim().ToLower().Contains("localhost".Trim().ToLower()))

            { }

            else

            {

                WebProxy myproxy = new WebProxy("", 8080);

                myproxy.BypassProxyOnLocal = false;

                request.Proxy = myproxy;

            }

            request.Method = "GET";

            HttpWebResponse response = (HttpWebResponse)request.GetResponse();

            StreamReader srd = new StreamReader(response.GetResponseStream());

            retVal = srd.ReadToEnd();

        }

        catch (Exception ex)

        {

            

        }


        return retVal;

    } 


Posted by at No comments:

Get Convert DateTime

 public DateTime GetConvertDateTime(string Date)

    {

        DateTime date = new DateTime();

        string CurrentPattern = Thread.CurrentThread.CurrentCulture.DateTimeFormat.ShortDatePattern;

        string[] Split = new string[] { "-", "/", @"\", "." };

        string[] Patternvalue = CurrentPattern.Split(Split, StringSplitOptions.None);

        string[] DateSplit = Date.Split(Split, StringSplitOptions.None);

        string NewDate = "";

        try

        {

            NewDate = DateSplit[0] + "/" + DateSplit[1] + "/" + DateSplit[2];


            date = DateTime.Parse(NewDate, Thread.CurrentThread.CurrentCulture);


        }

        catch (Exception ex)

        {

            NewDate = DateSplit[1] + "/" + DateSplit[0] + "/" + DateSplit[2];


            date = DateTime.Parse(NewDate, Thread.CurrentThread.CurrentCulture);

        }

        finally

        {


        }


        return date;


    }






Posted by at No comments:

 Create Google SMTP App password and use  those password for mail send

Create password URL: 

https://myaccount.google.com/security

https://myaccount.google.com/apppasswords

https://myaccount.google.com/u/0/apppasswords

Posted by at No comments:

Thursday, 25 March 2021

VAPT

<meta http-equiv="Content-Security-Policy" content="default-src 'self' * 'unsafe-inline'; child-src *; object-src *; frame-src *; script-src * 'unsafe-inline' 'unsafe-eval'; style-src * 'unsafe-inline'; font-src *">

 -----------

 void Application_PreSendRequestHeaders(object sender, EventArgs e)

    {

        HttpContext.Current.Response.Headers.Remove("Server");

        Response.Headers.Set("Server", "My httpd server");


        HttpContext.Current.Response.Headers.Remove("X-AspNet-Version");

        Response.Headers.Set("X-AspNet-Version", "XXX");


        HttpContext.Current.Response.Headers.Remove("X-AspNetMvc-Version");

        Response.Headers.Set("X-AspNetMvc-Version", "XXX");


        HttpContext.Current.Response.Headers.Remove("X-Powered-By");

        Response.Headers.Set("X-Powered-By", "XXX");  

    }



https://portswigger.net/research/exploiting-cors-misconfigurations-for-bitcoins-and-bounties

https://portswigger.net/web-security/cors


Access-Control-Allow-Origin: https://www.drreddys.com/

Access-Control-Allow-Credentials: true

-------------

Cookies HttpOnly 

<add name="strict-transport-security" value="max-age=31536000" />: 

<compilation debug="false" targetFramework="4.7.1" numRecompilesBeforeAppRestart="2000">

--------

<system.webServer>

    <httpProtocol>

      <customHeaders>

        <add name="Cache-Control" value="no-cache, no-store, must-revalidate, pre-check=0, post-check=0, max-age=0, s-maxage=0" />

        <add name="Pragma" value="no-cache" />

        <add name="Expires" value="0" />

<add name="X-Frame-Options" value="deny" />

<add name="X-content-type-options" value="nosniff" />

<add name="strict-transport-security" value="max-age=31536000" />

      </customHeaders>

    </httpProtocol>

    </system.webServer>


1. XPath injection                                     –Pramod -- done

5. Input returned in response (reflected)               –Pramod -- Done

6. Suspicious input transformation (reflected)     –Pramod –Done

7. Cross-domain Referer leakage                               -- Sudha --WIP



$("input[type='checkbox'][name='checkhlprof']:checked").length

$("input[type='checkbox'][name='checkhltermcond']:checked").length



1. XPath injection

WIP


2. SSL certificate

Nitin : please check the SSL certificate


3. Content type incorrectly stated

<add name="X-content-type-options" value="nosniff" />


4. Strict transport security not enforced

I have redirect from http to https 

  <rewrite>

   <rules>

      <rule name="HTTPS Rule behind AWS Elastic Load Balancer Rule" stopProcessing="true">

         <match url="^(.*)$" ignoreCase="false" />

         <conditions>

            <add input="{HTTP_X_FORWARDED_PROTO}" pattern="^http$" ignoreCase="false" />

         </conditions>

         <action type="Redirect" url="https://{SERVER_NAME}{URL}" redirectType="Found" />

      </rule>

   </rules>

</rewrite>



5. Input returned in response (reflected)

WIP



6. Suspicious input transformation (reflected)

Error page Default redirect ot error page thus response is showing "error page" by Umbraco CMS


9. Frameable response (potential Clickjacking)

<add name="X-Frame-Options" value="deny" />sameorigin


10. Cacheable HTTPS response

 <add name="Cache-Control" value="no-cache, no-store, must-revalidate, pre-check=0, post-check=0, max-age=0, s-maxage=0" />

        <add name="Pragma" value="no-cache" />

        <add name="Expires" value="0" />



7. Cross-domain Referer leakage

https://cdnjs.cloudflare.com/ajax/libs/font-awesome/4.7.0/css/font-awesome.min.css

https://cdnjs.cloudflare.com/ajax/libs/popper.js/1.12.9/umd/popper.min.js


8. Cross-domain script include

https://cdnjs.cloudflare.com/ajax/libs/popper.js/1.12.9/umd/popper.min.js


Posted by at No comments:

Thursday, 21 January 2021

RSS feed API read and show on your website

 private string ParseRssFile()

{
    XmlDocument rssXmlDoc = new XmlDocument();

    // Load the RSS file from the RSS URL
    rssXmlDoc.Load("http://feeds.feedburner.com/techulator/articles");

    // Parse the Items in the RSS file
    XmlNodeList rssNodes = rssXmlDoc.SelectNodes("rss/channel/item");

    StringBuilder rssContent = new StringBuilder();

    // Iterate through the items in the RSS file
    foreach (XmlNode rssNode in rssNodes)
    {
        XmlNode rssSubNode = rssNode.SelectSingleNode("title");
        string title = rssSubNode != null ? rssSubNode.InnerText : "";
                
        rssSubNode = rssNode.SelectSingleNode("link");
        string link = rssSubNode != null ? rssSubNode.InnerText : "";
                
        rssSubNode = rssNode.SelectSingleNode("description");
        string description = rssSubNode != null ? rssSubNode.InnerText : "";

        rssContent.Append("<a href='" + link + "'>" + title + "</a><br>" + description);
    }

    // Return the string that contain the RSS items
    return rssContent.ToString();
}
Posted by at No comments:

Thursday, 18 June 2020

Umbraco internal page redirect setting

Posted by at No comments:

Thursday, 12 March 2020

Insert UserIP C sharp


public string getExternalIp()
        {
            try
            {
                string ipAddress;
                ipAddress = HttpContext.Current.Request.ServerVariables["HTTP_X_FORWARDED_FOR"];
                if (ipAddress == "" || ipAddress == null)
                {
                    ipAddress = HttpContext.Current.Request.ServerVariables["REMOTE_ADDR"];
                }
                return ipAddress;

               
            }
            catch { return null; }
        }

public string getExternalIp()
        {
            try
            {
               
string externalIP;
externalIP = (new System.Net.WebClient()).DownloadString("http://checkip.dyndns.org/");
externalIP = (new System.Text.RegularExpressions.Regex( @"\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}") ).Matches(externalIP)[0].ToString();
                return externalIP;
            }
            catch { return null; }
        }

string IPAddress =  getExternalIp() ?? HttpContext.Current.Request.ServerVariables["REMOTE_ADDR"].ToString();

Posted by at No comments:
Subscribe to: Posts (Atom)