1597586400
Reflected User Input == XSS!
Hey guys! I hope everyone is doing great, this a small writeup of one of my findings, hope this can help you. Let’s start!
Popped an alert box through the email field.
In December, REDACTED decided to go public with their Bug Bounty program,so I thought why not hunt their as they had a huge scope.
Here’s some really basic info before we dig in:
Email addresses are widely used in forms and displayed several times in different parts of a web application.Any input different from a classic email format gets rejected by application returning an “INVALID” response
While testing the support ,I found this:
Support Page
As we can see above, that the email: test@test.com is being reflected, tried the basic XSS payload: but no luck as it required “@” in the email field.
I remembered reading Brutelogic’s XSS in limited input formats.I strongly suggest reading his post, he has explained many other situations which will be of great help and might come in handy.
So,the payload I used in the email field was “<svg/onload=alert(1)>”@x.y .Submit and I have a pop-up on my screen!
I was awarded a $50 bounty for this reflected “email” XSS.
Thank you for reading!
#information-technology #hacking #information-security #bug-bounty #cybersecurity
What is GEEK
Buddha Community
1670440320
How to Accept Text input From Users in A Phaser Game
When you create a game, you may find yourself needing to accept keyboard input from the user. I’m not talking about using the keyboard to control your player, but instead to accept text from the keyboard to be used as a username or for the in-game chat.
If you’ve been keeping up with the Phaser content releasing on the blog, you might remember the tutorial titled, Creating a Multiplayer Drawing Game with Phaser and MongoDB. This tutorial demonstrated taking user input to be used as the game information, but it did so with a bit of HTML hacking.
There are better ways!
In this tutorial we’re going to see how to take user keyboard input directly within a Phaser 3.x game using embedded HTML and JavaScript, rather than HTML layered on top of the game.
To get an idea of what we want to accomplish, take a look at the following animated image:
In the above example we have a single game scene. This scene has rendered text as well as an input field directly in the game canvas. When you add input to the text field, the rendered text updates when you press the return key.
Like I mentioned, we could absolute position an HTML text input on our canvas, but then we lose out on some integration functionality as well as the automatic scaling that Phaser adds to the embedded HTML.
Create a New Phaser 3.x Project for the Game
To get us started, we’re going to create a new Phaser 3.x project using some boilerplate code. The goal here is to not over-complicate the focus of the example, being the text input.
On your computer, create a new directory and within that directory create an index.html file with the following markup:
<!DOCTYPE html>
<html>
<head>
<script src="//cdn.jsdelivr.net/npm/phaser@3.24.1/dist/phaser.min.js"></script>
</head>
<body>
<div id="game"></div>
<script>
const phaserConfig = {
type: Phaser.AUTO,
parent: "game",
width: 1280,
height: 720,
scene: {
init: initScene,
preload: preloadScene,
create: createScene,
update: updateScene
}
};
const game = new Phaser.Game(phaserConfig);
function initScene() { }
function preloadScene() { }
function createScene() { }
function updateScene() { }
</script>
</body>
</html>
In the above markup, we’ve included the Phaser package in our project and configured a basic game with unused lifecycle events.
We know that the goal will be to eventually show the user provided text on the screen, so let’s get our text ready to go.
Within the createScene function of our index.html file, add the following JavaScript code:
function createScene() {
this.message = this.add.text(640, 250, "Hello, --", {
color: "#FFFFFF",
fontSize: 60,
fontStyle: "bold"
}).setOrigin(0.5);
}
The above code will render some text on the screen. We’re storing a reference to the text object in the this.message variable because we plan to change the text later.
The foundation of our project is ready, so now we can focus on the text input.
Create and Interact with a Loaded HTML Component on the Phaser Canvas
The thought process behind accepting text input from the user is that we want to create a standard HTML form and load it into our Phaser game as if it were just another game asset.
We’ll start by creating an HTML file with our form. Within the project directory, create a new form.html file with the following markup:
<!DOCTYPE html>
<html>
<head>
<style>
#input-form {
padding: 15px;
background-color: #931C22;
}
#input-form input {
padding: 10px;
font-size: 20px;
width: 400px;
}
</style>
</head>
<body>
<div id="input-form">
<input type="text" name="name" placeholder="Full Name" />
</div>
</body>
</html>
The above markup is a properly styled input element. If you take only one thing out of the above markup, take the <input> tag with the name attribute. The name attribute is critical when it comes to what we do in our Phaser game.
We’ll continue, but this time from within the index.html file. Inside the index.html file, we need to modify the phaserConfig so that we can work with DOM elements in our game.
const phaserConfig = {
type: Phaser.AUTO,
parent: "game",
width: 1280,
height: 720,
dom: {
createContainer: true
},
scene: {
init: initScene,
preload: preloadScene,
create: createScene,
update: updateScene
}
};
Take notice of the dom property. Without this property, anything we attempt to do with the HTML file will not work.
Since the game is now properly configured, we can jump into the preloadScene function:
function preloadScene() {
this.load.html("form", "form.html");
}
In the above code we are loading the form.html file and giving it a key so we can later reference it in our code. With the HTML file loaded, now we can make use of it in the createScene function:
function createScene() {
this.nameInput = this.add.dom(640, 360).createFromCache("form");
this.message = this.add.text(640, 250, "Hello, --", {
color: "#FFFFFF",
fontSize: 60,
fontStyle: "bold"
}).setOrigin(0.5);
this.returnKey = this.input.keyboard.addKey(Phaser.Input.Keyboard.KeyCodes.ENTER);
this.returnKey.on("down", event => {
let name = this.nameInput.getChildByName("name");
if(name.value != "") {
this.message.setText("Hello, " + name.value);
name.value = "";
}
});
}
The above code has a bit more JavaScript than we previously saw. In addition to rendering our text, now we’re adding the DOM element to the canvas. Remember, in the preloadScene function we were only loading the HTML. In the createScene function we are adding it to the scene to be interacted with.
Being able to add text to it is great, but we need to know when the user wants to submit it. This is where the keyboard events come into play.
this.returnKey = this.input.keyboard.addKey(Phaser.Input.Keyboard.KeyCodes.ENTER);
The above line says that we are taking control of the return or enter key.
Since we have control of it, we can listen for down events:
this.returnKey.on("down", event => {
let name = this.nameInput.getChildByName("name");
if(name.value != "") {
this.message.setText("Hello, " + name.value);
name.value = "";
}
});
When the key is pressed, we get the child element within the form.html file. Remember the name attribute on the input element? In this example name is not the attribute key, but the value that we set the attribute as. It is only coincidence that they share the same name.
Once we have the input field, we can check if it is empty. If it is not empty, we can change the rendered text and clear the input field.
Conclusion
You just saw how to allow text input in your Phaser 3.x game. This is useful if you need to take keyboard data beyond just knowing if a key was pressed. Maybe you’re creating an online game and you need to give your player a name, or maybe there is another reason. Whatever the reason, accepting user input is valuable.
Like I had previously mentioned, you can just create HTML and absolute position it on top of your game canvas rather than embedding it in the game. The problem with this approach is that you lose out on some scaling that Phaser does as well as the deep integration into the scene. It’s possible, but if I had to recommend something, I’d recommend the approach of embedding it into the game.
Original article source at: https://www.thepolyglotdeveloper.com/
1620992479
How To Create User-Generated Content? [A Simple Guide To Grow Your Brand]
In this digital world, online businesses aspire to catch the attention of users in a modern and smarter way. To achieve it, they need to traverse through new approaches. Here comes to spotlight is the user-generated content or UGC.
What is user-generated content?
“ It is the content by users for users.”
Generally, the UGC is the unbiased content created and published by the brand users, social media followers, fans, and influencers that highlight their experiences with the products or services. User-generated content has superseded other marketing trends and fallen into the advertising feeds of brands. Today, more than 86 percent of companies use user-generated content as part of their marketing strategy.
In this article, we have explained the ten best ideas to create wonderful user-generated content for your brand. Let’s start without any further ado.
- Content From Social Media Platforms
In the year 2020, there are 3.81 million people actively using social media around the globe. That is the reason social media content matters. Whenever users look at the content on social media that is posted by an individual, then they may be influenced by their content. Perhaps, it can be used to gain more customers or followers on your social media platforms.
Generally, social media platforms help the brand to generate content for your users. Any user content that promotes your brand on the social media platform is the user-generated content for your business. When users create and share content on social media, they get 28% higher engagement than a standard company post.
Furthermore, you can embed your social media feed on your website also. you can use the Social Stream Designer WordPress plugin that will integrate various social media feeds from different social media platforms like Facebook, Twitter, Instagram, and many more. With this plugin, you can create a responsive wall on your WordPress website or blog in a few minutes. In addition to this, the plugin also provides more than 40 customization options to make your social stream feeds more attractive.
- Consumer Survey
The customer survey provides powerful insights you need to make a better decision for your business. Moreover, it is great user-generated content that is useful for identifying unhappy consumers and those who like your product or service.
In general, surveys can be used to figure out attitudes, reactions, to evaluate customer satisfaction, estimate their opinions about different problems. Another benefit of customer surveys is that collecting outcomes can be quick. Within a few minutes, you can design and load a customer feedback survey and send it to your customers for their response. From the customer survey data, you can find your strengths, weaknesses, and get the right way to improve them to gain more customers.
- Run Contests
A contest is a wonderful way to increase awareness about a product or service. Contest not just helps you to enhance the volume of user-generated content submissions, but they also help increase their quality. However, when you create a contest, it is important to keep things as simple as possible.
Additionally, it is the best way to convert your brand leads to valuable customers. The key to running a successful contest is to make sure that the reward is fair enough to motivate your participation. If the product is relevant to your participant, then chances are they were looking for it in the first place, and giving it to them for free just made you move forward ahead of your competitors. They will most likely purchase more if your product or service satisfies them.
Furthermore, running contests also improve the customer-brand relationship and allows more people to participate in it. It will drive a real result for your online business. If your WordPress website has Google Analytics, then track contest page visits, referral traffic, other website traffic, and many more.
- Review And Testimonials
Customer reviews are a popular user-generated content strategy. One research found that around 68% of customers must see at least four reviews before trusting a brand. And, approximately 40 percent of consumers will stop using a business after they read negative reviews.
The business reviews help your consumers to make a buying decision without any hurdle. While you may decide to remove all the negative reviews about your business, those are still valuable user-generated content that provides honest opinions from real users. Customer feedback can help you with what needs to be improved with your products or services. This thing is not only beneficial to the next customer but your business as a whole.
Reviews are powerful as the platform they are built upon. That is the reason it is important to gather reviews from third-party review websites like Google review, Facebook review, and many more, or direct reviews on a website. It is the most vital form of feedback that can help brands grow globally and motivate audience interactions.
However, you can also invite your customers to share their unique or successful testimonials. It is a great way to display your products while inspiring others to purchase from your website.
- Video Content
A great video is a video that is enjoyed by visitors. These different types of videos, such as 360-degree product videos, product demo videos, animated videos, and corporate videos. The Facebook study has demonstrated that users spend 3x more time watching live videos than normal videos. With the live video, you can get more user-created content.
Moreover, Instagram videos create around 3x more comments rather than Instagram photo posts. Instagram videos generally include short videos posted by real customers on Instagram with the tag of a particular brand. Brands can repost the stories as user-generated content to engage more audiences and create valid promotions on social media.
Similarly, imagine you are browsing a YouTube channel, and you look at a brand being supported by some authentic customers through a small video. So, it will catch your attention. With the videos, they can tell you about the branded products, especially the unboxing videos displaying all the inside products and how well it works for them. That type of video is enough to create a sense of desire in the consumers.
#how to get more user generated content #importance of user generated content #user generated content #user generated content advantages #user generated content best practices #user generated content pros and cons
1597489568
Dynamically Add/Remove Multiple input Fields and Submit to DB with jQuery and Laravel
In this post, i will show you how to dynamically add/remove multiple input fields and submit to database with jquery in php laravel framework. As well as, i will show you how to add/remove multiple input fields and submit to database with validation in laravel.
dynamically add remove multiple input fields and submit to database with jquery and laravel app will looks like, you can see in the following picture:
Laravel - Add/Remove Multiple Input Fields Using jQuery, javaScript
Follow the below given easy step to create dynamically add or remove multiple input fields and submit to database with jquery in php laravel
- Step 1: Install Laravel App
- Step 2: Add Database Details
- Step 3: Create Migration & Model
- Step 4: Add Routes
- Step 5: Create Controller by Artisan
- Step 6: Create Blade View
- Step 7: Run Development Server
https://www.tutsmake.com/add-remove-multiple-input-fields-in-laravel-using-jquery/
#laravel - dynamically add or remove input fields using jquery #dynamically add / remove multiple input fields in laravel 7 using jquery ajax #add/remove multiple input fields dynamically with jquery laravel #dynamically add multiple input fields and submit to database with jquery and laravel #add remove input fields dynamically with jquery and submit to database #sql
1615804098
Limit Input Characters using HTML CSS & JavaScript
In this video, I have shown how to limit the number of characters allowed in the form input using only HTML CSS & JavaScript.
#animated input field #how limit input characters in javascript #input field animation #limit input characters
1586924820
Reflectly Inspired Login Screen Animation in Flutter (Part 1) | Flutter Animation Tutorial
In this video, I am going to teach u how to Create Login screen like Refleclty Login screen which is Really Great in the terms of the Animation & Ui So You can use this Code to make ur Flutter apps great
Previous Video:
How to Create a Bouncing Button in Flutter = https://youtu.be/uaO74mPoYo8
If you liked the app give this repo a Star
Bouncing Button Code: https://github.com/sagarshende23/bouncing_button_flutter
Reflectly-Inspired Like Login Page: https://github.com/sagarshende23/reflectly-like-loginpage-flutter
Github Profile: https://sagarshende23.github.io/
Check out our Website for more Flutter Tutorials
https://alltechsavvy.com
Reflectly Inspired Login Screen Animation in flutter (Part 1) | Flutter Animation Tutorial
#reflectly login screen #reflectly inspired login screen #reflectly inspired login screen animation in flutter #reflectly flutter github