GET request in the body of GET request

I’m testing some API endpoints with some arbitrary crazy tests, like:

    GET /products/items HTTP/1.1
    Host: api.companysite.com
    Content-Type: application/xml
    User-Agent: Mozilla/5.0 (Windows NT 5.1) AppleWebKit/535.12 (KHTML, like Gecko) Maxthon/3.0 Chrome/26.0.1410.43 Safari/535.12
    Connection: keep-alive
    Content-Length: 47

    GET /robots.txt HTTP/1.1
    Host: app.companysite.com

Where that GET /robots HTTP/1.1 part is in the body of the GET /products/items request, I received an even crazier response:

    HTTP/1.1 400 Bad Request
    Access-Control-Allow-Origin: *
    Cache-Control: no-store, no-cache, must-revalidate, max-age=0, post-check=0, pre-check=0
    Content-Type: application/json; charset=UTF-8
    Expires: 0
    Last-Modified: 2019-09-19 07:19:08.998002474 +0000 UTC
    Pragma: no-cache
    Strict-Transport-Security: max-age=31536000;
    Vary: Origin
    X-Content-Type-Options: nosniff
    X-Frame-Options: SAMEORIGIN
    Content-Length: 71
    Date: Thu, 19 Sep 2019 07:19:09 GMT
    Connection: keep-alive

    {"status":"ERROR","message":"No Authorization header","code":"AUTH01"}

    HTTP/1.1 200 OK
    Content-Type: text/plain
    Last-Modified: Thu, 12 Sep 2019 09:37:21 GMT
    ETag: "5d7a11d1-36"
    X-Frame-Options: DENY
    Strict-Transport-Security: max-age=31536000; includeSubDomains
    X-Content-Type-Options: nosniff
    X-XSS-Protection: 1; mode=block
    CF-Visitor: {scheme:https}
    Cache-Control: max-age=1066261
    Expires: Tue, 01 Oct 2019 15:30:10 GMT
    Date: Thu, 19 Sep 2019 07:19:09 GMT
    Content-Length: 54
    Connection: keep-alive

    User-agent: *
    Sitemap: https://app.companysite.com/sitemap.xml

I know that this 400 response code is because of the body in the GET request, but what about the second part of this response? Why am I able to send two different requests using one GET request? It is not a request smuggling attack; there are no CL.TE, TE.CE, TE.TE headers and obviously there are no POST requests. What is going on over there, what do you think?
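
One framing behaviour that would produce two responses on a single keep-alive connection, shown as an added example that is not part of the original post: a parser that assumes a GET never has a body leaves the Content-Length bytes in the buffer, and they are then read as the next pipelined request. That the server in the post behaves this way is an assumption; the byte stream and the names `split_requests` and `is_ambiguous` are constructed for illustration.

```python
# Constructed byte stream modelled on the request in the post: a GET whose
# declared body is itself a complete HTTP request.
INNER = b"GET /robots.txt HTTP/1.1\r\nHost: app.companysite.com\r\n\r\n"
STREAM = (
    b"GET /products/items HTTP/1.1\r\n"
    b"Host: api.companysite.com\r\n"
    b"Content-Type: application/xml\r\n"
    b"Content-Length: " + str(len(INNER)).encode() + b"\r\n\r\n" + INNER
)


def split_requests(stream: bytes, honor_get_body: bool) -> list:
    """Frame a keep-alive byte stream into (method, target, host, body_len) tuples.

    honor_get_body=True consumes Content-Length bytes after every request.
    honor_get_body=False models a parser that assumes GET never has a body.
    """
    found, pos = [], 0
    while pos < len(stream):
        end = stream.find(b"\r\n\r\n", pos)
        if end == -1:
            raise ValueError("incomplete header block")
        lines = stream[pos:end].decode("latin-1").split("\r\n")
        method, target, _version = lines[0].split(" ", 2)
        headers = {}
        for line in lines[1:]:
            name, _, value = line.partition(":")
            headers[name.strip().lower()] = value.strip()
        body_len = int(headers.get("content-length", "0"))
        if method == "GET" and not honor_get_body:
            body_len = 0  # the declared body is left in the buffer
        found.append((method, target, headers.get("host"), body_len))
        pos = end + 4 + body_len  # whatever follows is parsed as the next request
    return found


def is_ambiguous(stream: bytes) -> bool:
    """Defender's check: flag input that the two framing policies split differently."""
    return split_requests(stream, True) != split_requests(stream, False)


if __name__ == "__main__":
    print("honours body:", split_requests(STREAM, honor_get_body=True))
    print("ignores body:", split_requests(STREAM, honor_get_body=False))
    print("ambiguous   :", is_ambiguous(STREAM))
```

A front end that rejects any GET carrying a body, or that always consumes the declared length before reading the next request, removes the disagreement between the two framings.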

How to make an HTTP request in a JSONP callback?

I’m trying an XSS challenge. I found an exploit that breaks CSP by using a JSONP callback. I can get an alert to pop up by putting something like

<script src="https://whitelisted.jsonp?callback=alert#1"></script> 

But I’m having trouble trying to get it to send an HTTP request.

I’ve tried putting functions changing window.location, but it doesn’t seem to execute any of my anon functions.

Thanks

Bad Request 400 when uploading file to Sharepoint Online document library

I am trying to upload a file to a document library and keep getting a statusCode of 400 with the text just saying “Bad Request.” I was rifling through some other forums and saw that the API could potentially not have the right permissions but I haven’t been able to figure out how to even check that, let alone set it to have full control.

Additionally, the site where the document library lives is a subsite, so I’m not sure if that has an effect on what I’m trying to do but I haven’t seen an example where the library lives in a subsite to know if it does affect anything.

Here is my code, site name removed for client privacy, (largely taken from this post):

    function dofunc() {
        var control = document.getElementById("elementIDHere");
        control.addEventListener("change", fdocattach, false);
    }

    var file;
    var contents;

    function fdocattach(event) {
        var i = 0,
            files = event.srcElement.files,
            len = files.length;

        for (; i < len; i++) {
            console.log("Filename: " + files[i].name);
            console.log("Type: " + files[i].type);
            console.log("Size: " + files[i].size + " bytes");
        }

        if (!window.FileReader) {
            alert("The FileSystem APIs are not fully supported in this browser.");
            return false;
        }

        if (files.length > 0) {
            file = files[0];
            fileName = file.name;

            var reader = new FileReader();
            reader.onload = fonload;

            reader.onerror = function(event) {
                console.error("File reading error " + event.target.error.code);
            };
            reader.readAsArrayBuffer(file);
        }

        return false;
    }

    // Despite the name, this returns a binary string, not Base64.
    function _arrayBufferToBase64(buffer) {
        var binary = '';
        var bytes = new Uint8Array(buffer);
        var len = bytes.byteLength;
        for (var i = 0; i < len; i++) {
            binary += String.fromCharCode(bytes[i]);
        }
        return binary;
    }

    function fonload(event) {
        contents = event.target.result;
        $.getScript("sitename/subsite/_layouts/15/SP.RequestExecutor.js", fonload2);
    }

    function fonload2() {
        var contents2 = _arrayBufferToBase64(contents);

        var createitem = new SP.RequestExecutor("sitename/subsite");
        createitem.executeAsync({
            url: "sitename/subsite/_api/web/GetFileByServerRelativeUrl('/documentLibraryName')/Files/add(url='" + file.name + "',overwrite=true)",
            method: "POST",
            binaryStringRequestBody: true,
            body: contents2,
            success: fsucc,
            error: ferr,
            state: "Update"
        });

        function fsucc(data) {
            alert('success');
        }

        function ferr(data) {
            alert('error\n\n' + data.statusText + "\n\n" + data.responseText);
        }
    }

400 Bad request while submitting form using AJAX

I am poor at AJAX and have been trying for a couple of days to submit the form and insert the record into the custom table, but I am not getting it to work.

I am getting a 400 Bad Request error in the console. Please have a look at the code.

In fact, I have tried multiple ways to submit data but none of them works.

HTML

    <form class="addtocartform" id="gsAddToCart" method="POST">
        <label class="gs-label" for="options">Options</label>
        <select class="gs-select-box" id="product_option" name="product_option">
            <option value="0">Somnath</option>
            <option value="1">Dwarka</option>
            <option value="2">Rameshwaram</option>
        </select>
        <label class="gs-label" for="qty">Qty.</label>
        <input class="gs-number" id="qty" min="1" name="qty" step="1" type="number" value="1">

            <button class="gs-button order-button add-to-cart-button">
                <i class="fa fa-cart-plus"></i>
                <span class="gs-button-label">Add to Cart</span>
            </button>

            <input id="product" name="product" type="hidden" value="160"/>
            <input id="group_id" name="group_id" type="hidden" value="194"/>
        </input>
    </form>

WordPress Hooks – Enqueue scripts

    function gs_enqueue_ajax_scripts() {

        wp_register_script('gs-ajax', GROUP_SHOP_ROOT . 'public/js/add-to-cart-ajax.js', ['jquery'], 1.0, TRUE);
        wp_localize_script('gs-ajax', 'ajax_vars', [
            'ajax_url' => admin_url('admin-ajax.php'),
            'nonce'    => wp_create_nonce('gs_nonce'),
        ]);
        wp_enqueue_script('gs-ajax');

    }

    add_action('wp_enqueue_scripts', 'gs_enqueue_ajax_scripts');

WordPress Hooks – Process and Insert Data

    function gs_add_to_cart_ajax() {

        check_ajax_referer('gs_nonce', $_POST[ 'nonce' ], FALSE);

        // validating stuffs ..

        $cart = new Group_Shop_Cart();
        $cart->add_to_cart($_POST[ 'group_id' ], $_POST[ 'product' ], $_POST[ 'qty' ], $_POST[ 'product_option' ]);

        wp_die();
    }

    add_action('wp_ajax_gs_add_to_cart_ajax', 'gs_add_to_cart_ajax');
    add_action('wp_ajax_nopriv_gs_add_to_cart_ajax', 'gs_add_to_cart_ajax');

Javascript

    (function ($) {

        $(document).on("click", ".add-to-cart-button", function () {

            let data = JSON.stringify({
                action: 'gs_add_to_cart_ajax',
                group_id: $('#group_id').val(),
                product: $('#product').val(),
                qty: $('#qty').val(),
                product_option: $('#product_option').val(),
            });

            $('form.addtocartform').on('submit', function (e) {
                e.preventDefault();

                $.ajax({

                    method: 'POST',
                    dataType: 'json',
                    nonce: ajax_vars.nonce,
                    url: ajax_vars.ajax_url,
                    data: data,
                    success: function (response) {
                        alert("Success");
                    }

                });
            });

        });

    })(jQuery);

I have no idea what is wrong in this code that it is not submitting.

Modified Code

    $.ajax({

        method: 'POST',
        dataType: 'json',
        nonce: ajax_vars.nonce,
        url: ajax_vars.ajax_url,
        data: {
            action: 'gs_add_to_cart_ajax',
            group_id: $('#group_id').val(),
            product: $('#product').val(),
            qty: $('#qty').val(),
            product_option: $('#product_option').val(),
        },
        success: function (response) {
            alert("Success");
        }

    });

JWT: In a server-to-server request, should I sign the entire request body?

Let’s set the scene with two servers:

  1. an “auth” server which provides users with authorization tokens containing claims relevant to their account
  2. a “paywall” server, which after receiving payment from a user, will send a request to the auth server to add the “premium” claim to the user’s account (and also this server can serve out restricted content to users who have the claim)

Both servers have access to a shared secret key, so the paywall server can verify the user’s claim to view restricted content.

I want to verify that any claim-altering-requests which the auth server receives are actually coming from my trusted paywall server.

My thinking is that the paywall server should simply sign every claim-altering-request in its entirety within a JSON Web Token, such that the auth server can verify the identity of the sender, and also verify that none of the requests have been tampered with.

In this case, it seems like the entire request body would simply be one big JSON Web Token (instead of a mere Authorization header) because I can’t trust any data which isn’t signed within the JWT.

Does this reasoning make sense, or is this overkill? Is my solution redundant? Perhaps HTTPS can already effectively solve this problem? I think of HTTPS as a means to secure the communications between two points; however, this might not guarantee the identity of either end?
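
The scheme described in this question, worked through as an added example that is not part of the original post: the paywall server wraps the whole claim-altering request in an HS256 JWT, and the auth server accepts it only if the MAC, issuer, expiry and request id all check out. The key value, the `iss` value "paywall", the `jti` field and every function name are assumptions made for the illustration.

```python
import base64
import hashlib
import hmac
import json

SHARED_KEY = b"constructed-demo-secret-not-for-real-use"  # constructed sample key


def b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def unb64url(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def sign_request(body: dict, key: bytes, now: int, ttl: int = 60) -> str:
    """Paywall side: the whole claim-altering request becomes the JWT payload."""
    payload = dict(body, iss="paywall", iat=now, exp=now + ttl)
    parts = [{"alg": "HS256", "typ": "JWT"}, payload]
    signing_input = ".".join(
        b64url(json.dumps(p, separators=(",", ":")).encode()) for p in parts)
    tag = hmac.new(key, signing_input.encode(), hashlib.sha256).digest()
    return signing_input + "." + b64url(tag)


def verify_request(token: str, key: bytes, now: int, seen_jti: set) -> dict:
    """Auth side: return the request only if it is authentic, fresh and unseen."""
    try:
        head, body, tag = token.split(".")
        header = json.loads(unb64url(head))
        given = unb64url(tag)
    except ValueError as exc:
        raise ValueError("malformed token") from exc
    # Pin the algorithm; never let the token choose how it is verified.
    if not isinstance(header, dict) or header.get("alg") != "HS256":
        raise ValueError("unexpected alg")
    expected = hmac.new(key, f"{head}.{body}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(given, expected):
        raise ValueError("bad signature")
    payload = json.loads(unb64url(body))  # parsed only after the MAC checks out
    if payload.get("iss") != "paywall":
        raise ValueError("unexpected issuer")
    if now >= payload.get("exp", 0):
        raise ValueError("expired")
    if payload.get("jti") is None or payload["jti"] in seen_jti:
        raise ValueError("replayed")
    seen_jti.add(payload["jti"])
    return payload
```

HTTPS on its own authenticates the auth server to the caller; the signature (or mutual TLS) is what authenticates the paywall server, and the `exp` and `jti` checks are what stop a captured request from being replayed.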

How to create an HTTP “GET” request to a URL

I want to make an HTTP request to a web service API at

https://sms.vietguys.biz/api/u=[user]&pwd=[password]&from=[Title]&phone=[phonenumber]&sms=[ContentSMS]

using javascript.

Can I do this on SharePoint Online?

When I handle it with the code below:

    var urlstring = `https://sms.vietguys.biz/api/u=[user]&pwd=[password]&from=[Title]&phone=[phonenumber]&sms=[ContentSMS]`;
    $.ajax({
        url: urlstring,
        success: function (data) {
            //do smth with data
        },
        error: function (a, m) {
            //process error
        }
    });

I got this error:

XMLHttpRequest cannot load .No ‘Access-Control-Allow-Origin’ header is present on the requested resource. Origin ‘https://benhvienthuduc.sharepoint.com’ is therefore not allowed access. The response had HTTP status code 404.

Https POST Request for POST Parameters

I’m looking to allow a previously GET request of a URL like: myurl.com/site/id/1 where the value 1 in this case is pseudo-random and not too difficult to guess.

I’m looking to bring this id/1 key/value into my request BODY.

Is this more secure by using POST and putting the key and value into the request BODY, than using GET and having it in the URL?

How can I make this even more secure?