fake_Bezawada, posted July 7, 2016:
In web services we get a JSON response from ajax or some JS, right? If there is SQL injection in it, how do you validate it? If anyone knows this well, please help me.

Dustbin, posted July 7, 2016:
Come on, come on

fake_Bezawada (author), posted July 7, 2016:
> 1 hour ago, Dustbin said:
> Come on, come on
If you know, tell me, brother. Say that during user validation someone writes a query in the input field text in JS and sends it to the backend. We pass it directly into the Hibernate criteria, so it constructs the string as a query and hits the DB, and the DB breaks. How do we avoid things like that, and how do we validate?

Dustbin, posted July 7, 2016:
> 46 minutes ago, fake_Bezawada said:
> If you know, tell me, brother. Say that during user validation someone writes a query in the input field text in JS and sends it to the backend. We pass it directly into the Hibernate criteria, so it constructs the string as a query and hits the DB, and the DB breaks. How do we avoid things like that, and how do we validate?
Brother, I just bumped the thread (LTT); I never studied that much.

fake_Bezawada (author), posted July 7, 2016:
> Just now, Dustbin said:
> Brother, I just bumped the thread (LTT); I never studied that much.
So you're the same as me; then we're both in the same situation, bro.

Dustbin, posted July 7, 2016:
> 1 minute ago, fake_Bezawada said:
> So you're the same as me; then we're both in the same situation, bro.
You say Java, you say SQL, you say injection, and then you say "same as me"; the machine is screaming.

DannyArcher, posted July 7, 2016:
> 2 hours ago, fake_Bezawada said:
> In web services we get a JSON response from ajax or some JS, right? If there is SQL injection in it, how do you validate it? If anyone knows this well, please help me.
There are many. AFAIK these are the key points to take care of:
1) After receiving the response, validate the data type of the value before sending it to the database server.
2) Avoid using functions like eval, etc., which execute "JS script" present in JSON. Instead use parse and string functions to work on JSON data.

fake_Bezawada (author), posted July 7, 2016:
> 3 minutes ago, DannyArcher said:
> There are many. AFAIK these are the key points to take care of:
> 1) After receiving the response, validate the data type of the value before sending it to the database server.
> 2) Avoid using functions like eval, etc., which execute "JS script" present in JSON. Instead use parse and string functions to work on JSON data.
Data type is fine, bro; integer, float, etc. can be handled well enough, but the query comes in String form. How do we identify that? If you have any sample code, could you share it?

DannyArcher, posted July 7, 2016:
> 2 minutes ago, fake_Bezawada said:
> Data type is fine, bro; integer, float, etc. can be handled well enough, but the query comes in String form. How do we identify that? If you have any sample code, could you share it?
Go through the second point. Use parse or stringify functions to work on the response JSON data. Lots of examples on the Internet, please check.

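The two points from DannyArcher's replies, as an added example that is not code from the thread or from any poster: the body is read with JSON.parse rather than eval, and every field is checked before anything is handed to the database layer. The field names, limits and sample bodies are assumptions; string fields are matched against an allow-list pattern, which is one way to handle values that arrive in String form.

```javascript
// Added example. Field names and limits are assumptions, not from the thread.
const SCHEMA = {
  userId:   v => Number.isInteger(v) && v > 0,
  amount:   v => typeof v === "number" && Number.isFinite(v) && v >= 0,
  // Strings: allow-list what a valid value looks like instead of
  // trying to recognise SQL inside it.
  username: v => typeof v === "string" && /^[A-Za-z0-9_.-]{3,32}$/.test(v),
};
const has = (obj, key) => Object.prototype.hasOwnProperty.call(obj, key);

function parseAndValidate(rawBody) {
  let data;
  try {
    data = JSON.parse(rawBody); // parses data only; unlike eval() it never runs script
  } catch (e) {
    return { ok: false, errors: ["body is not valid JSON"] };
  }
  if (data === null || typeof data !== "object" || Array.isArray(data)) {
    return { ok: false, errors: ["expected a JSON object"] };
  }
  const errors = [];
  // Reject fields the schema does not know about.
  for (const key of Object.keys(data)) {
    if (!has(SCHEMA, key)) errors.push(`unexpected field: ${key}`);
  }
  // Every expected field must be present and pass its type/format check.
  for (const [key, check] of Object.entries(SCHEMA)) {
    if (!has(data, key)) errors.push(`missing field: ${key}`);
    else if (!check(data[key])) errors.push(`invalid value for: ${key}`);
  }
  return errors.length ? { ok: false, errors } : { ok: true, value: data };
}

// Constructed sample bodies.
const GOOD = '{"userId": 42, "amount": 19.5, "username": "ravi_k"}';
const QUOTE_IN_NAME = '{"userId": 42, "amount": 19.5, "username": "x\' OR \'1\'=\'1"}';
const STRING_AS_NUMBER = '{"userId": "42 OR 1=1", "amount": 19.5, "username": "ravi_k"}';
const NOT_JSON = 'alert(1)';

for (const body of [GOOD, QUOTE_IN_NAME, STRING_AS_NUMBER, NOT_JSON]) {
  console.log(JSON.stringify(parseAndValidate(body)));
}
```

Run the same check on the server, and still bind the values as named parameters as suggested later in the thread; free-text fields that cannot be allow-listed rely on the binding alone.
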
fake_Bezawada (author), posted July 7, 2016:
> 30 minutes ago, DannyArcher said:
> Go through the second point. Use parse or stringify functions to work on the response JSON data. Lots of examples on the Internet, please check.
Drop me one good link, bro, pleaseeeee. I won't mess with your CBN and Balayya threads for a week.

Greenchilly, posted July 7, 2016:
Nice thread

SANANTONIO, posted July 7, 2016:
For dynamic/static risks like these, it is better to follow the OWASP guidelines; we used them for cross-site scripting, SQL injection, etc. Try following https://www.owasp.org/index.php/SQL_Injection_Prevention_Cheat_Sheet. Rather than changing all the code, it can be done with minimal changes using the ESAPI encoding technique.

Answer, posted July 7, 2016:
Use named parameters, bro. I think it might solve your question.