Table Columns with Complex Structures (fields under it, that can have fields underneath too-like nested ones)in a few of its col

This is for Web Application. I am looking for tabular UIs that doesn’t have nesting but is able to show a child row under a parent row and those children can have further children and so on. My limitation is not to use nesting. Any leads or ideas around it?enter image description here

How to parse JSON to return null as default if complex object empty/null/undefined?

Using HTTP Request to get SP item, having trouble parsing JSON to return anything for null object.

Can return null for an empty string column as shown below, how to do so for a more complex object like a lookup if no value selected?

{ "type": "object", "properties": {     "Area": {         "type": "object",         "properties": {             "Id": {                 "type": "integer"             }         }     },     "Package": {         "type": ["string","null"]     } } 

If object doesn’t exist in JSON output, can’t run logic against it (if null do this, else do that)

Is it recommended to have tab index navigation for complex web application?

I am doing requirement gathering for a complex in house web application. My customer is adamant to have keyboard tab index interaction for the application along with regular mouse interaction. My research says, there is no user who is physically challenged, may require tab index interactions.

What is the value add if we incorporate tab index interaction across application? What are the pro and cons to have tab index in a complex web application?

Thanks-

Selecting a polygon within an array of complex polygons

I have an array of polygons which are arrays of points. There are no gaps and none of them overlap like a Voronoi diagram.

Unlike a Voronoi diagram I cannot simply find the nearest centroid to select a polygon, this returns the correct polygon most of the time but sometimes the point lies within a neighboring polygon.

The developer tools in my chrome browser seem to be able to do it with the selection tool but I have no idea how it is doing it.

Complex Professional Infographics for $50

Infographic is an effective way to make complex topics simple. I will revamp your complex data into awesome infographics solutions using the latest graphic design trends. Provided source file is fully scalable, editable file. You can edit it in Adobe Illustrator. It´s recommended for future changes, exporting other types of files etc. Why me: 100% unique and professional workProvide you all file format like jpg, png, pdf, etc.All size resolutions available A4, A3, A2, Web Quality or any custom size.Revisions includedCreative and modern design Thank you for checking my PROFESSIONAL INFOGRAPHIC DESIGN. Looking forward to work with you.

by: Maxved
Created: —
Category: Art & Design
Viewed: 268


Namimg Methods – How to name method with complex execution sequence?

This question: https://stackoverflow.com/questions/1866794/naming-classes-how-to-avoid-calling-everything-a-whatevermanager contains many examples of suffixes and prefixes that can be used to come up with precise name for your class.

What about methods? For example, how to name a method that should execute some action upon validation of some state – ExecuteIfSomething, if we imagine that some transition in state should be executed after checking if something is true – ValidateTransition (kind of ok, but reading it makes me think that it should just validate something – not additionally execute some action), TranslateUponValidation?

It would be very useful to have list of common parts that can be added to action/topic/… to describe method.

Here are some that I can come up with at the moment:

  • Get
  • Set
  • Contains
  • Add
  • Remove
  • Push
  • Pop
  • Clear
  • Close
  • Lock
  • Open
  • Unlock
  • Enqueue
  • Dequeue
  • Activate
  • Deactivate
  • Translate
  • Move
  • Jump
  • Fill
  • Empty
  • Draw
  • Take
  • Give
  • Stash
  • Group
  • Shuffle
  • Mix
  • Sort
  • Merge
  • Inline
  • Validate
  • Check
  • Execute
  • Apply
  • Compose
  • Decompose
  • Decay
  • Break
  • Gather
  • Fuse
  • Grow
  • Rise
  • Drop
  • Fall
  • Pick
  • Select
  • Accept
  • Decline
  • Retire
  • Upgrade
  • Degrade
  • Increase
  • Decrease
  • Stop
  • Continue
  • Pause
  • Resume
  • Process
  • Advance
  • Create
  • Destroy

Maybe, I have put too many of them.

As you can see now – many if not almost all verbs can be used depending on the situation. Using them or finding the matching one shouldn’t be a problem. The problem is on how to combine them or use some of them to describe complex situations or complex executing sequence. The one I have described as an example is the most common one that I haven’t found a good solution for. Personally I am interested in this particular one. But having some way/approach (not a formula like Object + Action + …) to define/come up with method/function names can be very useful.

Main question here is how do you name a method as the one described in the example? It might seem to be a duplicate of this question – Meaningful concise method naming guidelines – I can clarify and update my question if that is going to be required.

Namimg Methods – How to name method with complex execution sequence?

This question: https://stackoverflow.com/questions/1866794/naming-classes-how-to-avoid-calling-everything-a-whatevermanager contains many examples of suffixes and prefixes that can be used to come up with precise name for your class.

What about methods? For example, how to name a method that should execute some action upon validation of some state – ExecuteIfSomething, if we imagine that some transition in state should be executed after checking if something is true – ValidateTransition (kind of ok, but reading it makes me think that it should just validate something – not additionally execute some action), TranslateUponValidation?

It would be very useful to have list of common parts that can be added to action/topic/… to describe method.

Here are some that I can come up with at the moment:

  • Get
  • Set
  • Contains
  • Add
  • Remove
  • Push
  • Pop
  • Clear
  • Close
  • Lock
  • Open
  • Unlock
  • Enqueue
  • Dequeue
  • Activate
  • Deactivate
  • Translate
  • Move
  • Jump
  • Fill
  • Empty
  • Draw
  • Take
  • Give
  • Stash
  • Group
  • Shuffle
  • Mix
  • Sort
  • Merge
  • Inline
  • Validate
  • Check
  • Execute
  • Apply
  • Compose
  • Decompose
  • Decay
  • Break
  • Gather
  • Fuse
  • Grow
  • Rise
  • Drop
  • Fall
  • Pick
  • Select
  • Accept
  • Decline
  • Retire
  • Upgrade
  • Degrade
  • Increase
  • Decrease
  • Stop
  • Continue
  • Pause
  • Resume
  • Process
  • Advance
  • Create
  • Destroy

Maybe, I have put too many of them.

As you can see now – many if not almost all verbs can be used depending on the situation. Using them or finding the matching one shouldn’t be a problem. The problem is on how to combine them or use some of them to describe complex situations or complex executing sequence. The one I have described as an example is the most common one that I haven’t found a good solution for. Personally I am interested in this particular one. But having some way/approach (not a formula like Object + Action + …) to define/come up with method/function names can be very useful.

Main question here is how do you name a method as the one described in the example? It might seem to be a duplicate of this question – Meaningful concise method naming guidelines – I can clarify and update my question if that is going to be required.

Namimg Methods – How to name method with complex execution sequence?

This question: https://stackoverflow.com/questions/1866794/naming-classes-how-to-avoid-calling-everything-a-whatevermanager contains many examples of suffixes and prefixes that can be used to come up with precise name for your class.

What about methods? For example, how to name a method that should execute some action upon validation of some state – ExecuteIfSomething, if we imagine that some transition in state should be executed after checking if something is true – ValidateTransition (kind of ok, but reading it makes me think that it should just validate something – not additionally execute some action), TranslateUponValidation?

It would be very useful to have list of common parts that can be added to action/topic/… to describe method.

Here are some that I can come up with at the moment:

  • Get
  • Set
  • Contains
  • Add
  • Remove
  • Push
  • Pop
  • Clear
  • Close
  • Lock
  • Open
  • Unlock
  • Enqueue
  • Dequeue
  • Activate
  • Deactivate
  • Translate
  • Move
  • Jump
  • Fill
  • Empty
  • Draw
  • Take
  • Give
  • Stash
  • Group
  • Shuffle
  • Mix
  • Sort
  • Merge
  • Inline
  • Validate
  • Check
  • Execute
  • Apply
  • Compose
  • Decompose
  • Decay
  • Break
  • Gather
  • Fuse
  • Grow
  • Rise
  • Drop
  • Fall
  • Pick
  • Select
  • Accept
  • Decline
  • Retire
  • Upgrade
  • Degrade
  • Increase
  • Decrease
  • Stop
  • Continue
  • Pause
  • Resume
  • Process
  • Advance
  • Create
  • Destroy

Maybe, I have put too many of them.

As you can see now – many if not almost all verbs can be used depending on the situation. Using them or finding the matching one shouldn’t be a problem. The problem is on how to combine them or use some of them to describe complex situations or complex executing sequence. The one I have described as an example is the most common one that I haven’t found a good solution for. Personally I am interested in this particular one. But having some way/approach (not a formula like Object + Action + …) to define/come up with method/function names can be very useful.

Main question here is how do you name a method as the one described in the example? It might seem to be a duplicate of this question – Meaningful concise method naming guidelines – I can clarify and update my question if that is going to be required.

Namimg Methods – How to name method with complex execution sequence?

This question: https://stackoverflow.com/questions/1866794/naming-classes-how-to-avoid-calling-everything-a-whatevermanager contains many examples of suffixes and prefixes that can be used to come up with precise name for your class.

What about methods? For example, how to name a method that should execute some action upon validation of some state – ExecuteIfSomething, if we imagine that some transition in state should be executed after checking if something is true – ValidateTransition (kind of ok, but reading it makes me think that it should just validate something – not additionally execute some action), TranslateUponValidation?

It would be very useful to have list of common parts that can be added to action/topic/… to describe method.

Here are some that I can come up with at the moment:

  • Get
  • Set
  • Contains
  • Add
  • Remove
  • Push
  • Pop
  • Clear
  • Close
  • Lock
  • Open
  • Unlock
  • Enqueue
  • Dequeue
  • Activate
  • Deactivate
  • Translate
  • Move
  • Jump
  • Fill
  • Empty
  • Draw
  • Take
  • Give
  • Stash
  • Group
  • Shuffle
  • Mix
  • Sort
  • Merge
  • Inline
  • Validate
  • Check
  • Execute
  • Apply
  • Compose
  • Decompose
  • Decay
  • Break
  • Gather
  • Fuse
  • Grow
  • Rise
  • Drop
  • Fall
  • Pick
  • Select
  • Accept
  • Decline
  • Retire
  • Upgrade
  • Degrade
  • Increase
  • Decrease
  • Stop
  • Continue
  • Pause
  • Resume
  • Process
  • Advance
  • Create
  • Destroy

Maybe, I have put too many of them.

As you can see now – many if not almost all verbs can be used depending on the situation. Using them or finding the matching one shouldn’t be a problem. The problem is on how to combine them or use some of them to describe complex situations or complex executing sequence. The one I have described as an example is the most common one that I haven’t found a good solution for. Personally I am interested in this particular one. But having some way/approach (not a formula like Object + Action + …) to define/come up with method/function names can be very useful.

Main question here is how do you name a method as the one described in the example? It might seem to be a duplicate of this question – Meaningful concise method naming guidelines – I can clarify and update my question if that is going to be required.

Complex XSS exploitation scenario [on hold]

I want to exploit XSS vulnerability. But my exploitation scenario is a bit different rather than just stealing cookies via XSS, sending them to attacker’s website and reusing them later (life is hard).

We have a self-written forum with 3 user levels:

  • user (he is a noob)
  • moderator (can ban/unban users, delete messages, close topics)
  • administrator (god_mode=ON)

We have several pitfalls during the exploitation process:

  • First of all we are just a regular user
  • Session-cookie has HttpOnly=1 flag enabled. So we cannot just steal cookies and login as moderator/admin
  • Actions like ban/unban user, delete/create topic, delete/post message require anti-CSRF tokens. So we need to collect those tokens with XSS.
  • We know that moderator/admin has additional buttons, extra pages. They have a very special extended functionality (interface) to administrate that forum. Since we are just a regular user we don’t how their interface exactly looks like, hence we’ll call it unknown interface (We can compare it to stackoverflow‘s or facebook‘s mod/admin browser web interface). So obviously we need to explore it in real time.
  • We know that phpmyadmin is installed (e.g. from some log files), but it is only accessible from local network (IP check/firewall). Only admin can access it (because his IP matches). So we need that XSS to login as admin via his active browser into phpmyadmin (we found via arbitrary file read vulnerability credentials from database)
  • Since IP checks are implemented there are several pages that can be accessed only by administrator from his local network. If we try to access them from outside, they will return 404 not found. Hence we need admin‘s browser (with his IP) to scan that site with tools like: DirBuster, sqlmap, etc. So we need some sort of API. And yes I would like to perform internal network attacks (source (PDF, thesis))
  • XSS needs to survive closing a tab (where user/admin/mod got injected) = we need some sort of persistency (our XSS is non-persistent =( ). Persistency must be as silent as possible, so no huge Pop-Ups – that would be silly.
  • Our exploitation trials are limited (admin will notice the exploit OR admin will drive away for X weeks and we will need to wait so far OR admin is just a headless chrome 😉 OR …). So we have a very limited time frame where we can exploit that. so we need to do everything in live mode here and now: sending payloads, exploiting CVEs / sending Server/Browser exploits, analysis, scans, …
  • I am sitting behind a NAT (just like everyone out there) and no, my router doesn’t support port forwarding (… and if it would be, wouldn’t it be a total overkill to just exploit a stupid XSS?) , but I would like to exploit XSS from my computer, locally. I wished I could just use BeEF on my local machine without installing it on a public server. Drop some PHP-Script or create a proxy on that (my own personal, of course not that vulnerable forum, lol) public server would be OK, since we need to communicate through the NAT.
  • If we find a way to login as mod/admin (e.g. password bruteforce) our IP will be recorded and XSS will be fixed immediately, password will get changed, attacking user will get banned and blocked by IP (we live in a mad world). So we need to exploit it quietly only by using this XSS.

I have my own (maybe it was hacked too, but who cares) public, buggy, outdated, unusable, where most of cybersec tools won’t work without upgrading to a newer version FreeBSD 11.1 server with root access (actually it is only a local VirtualBox, but imagine it is public). I tested it with several tools and failed epicly:

  • JSShell (requires special python packages like werkzeug, flask, etc. etc. after installing all of them it still fails (in comparison SQL injection tool sqlmap works like a charm just by installing it as pkg install sqlmap with default python 2.7 shipped with FreeBSD)).
  • BeEF (ufff, this is a tough one. requires ruby. there are problems with libdl.so (on FreeBSD 11.1) because it requires that library to compile some code. So it doesn’t work, because this library is missing and it seems there is no way to compile that library by myself. I spent several days googling for solutions, compiling my own stuff etc. really a headache. Upgrading to FreeBSD 11.2 or 12.* or switching to some other OS‘s is not an option, sorry. I really love my buggy FreeBSD 11.1 because I managed somehow to install php and stuff. no ruby. forget about ruby (I really like it, but it is not working).)
  • xssshell-xsstunnell (XSS Shell uses ASP + MS Access database. So, no)
  • JShell (written in python. obviously too simple for my purpose)

All server headers are “fine” (from attackers perspective) it the sense that XSS is well exploitable. We can bypass NoScript, uMatrix, Chromes Auditor, etc.

How can I exploit it? Which tools will work? Are there any alternatives to BeEF which I don’t know (please, no ruby, please) which are perfectly designed to exploit that? I really want to hack Chuck Norris <3

Reminder: I don’t need XSS scanning tool. I need an XSS exploitation tool (or maybe multiple XSS exploitation tools which then I just could connect like bricks with each other?) without installing fancy packages – solution should be portable or at least majority of features of that wish tool has to work without breaking the whole tool. Like sqlmap it has to be easy to install without additional headache.