Cross-Site Scripting and How To Avoid It
April 13th, 2007 Noor
Any web application that displays user input is at risk: web-based email applications, forums, guestbooks, and even blog aggregators. Most web applications display data of some type, which is why they are exposed. If this input (which later becomes output) is not properly filtered and escaped, a cross-site scripting vulnerability exists.

Consider a web application that allows users to add comments on each picture or article; the application would display the comments like this:

You could display them this way only if you trusted your users completely. But imagine that one of those values (such as $name) contained the following:

If this comment is sent to your users, it is no different than if you had allowed someone else to add this bit of JavaScript to your source. Your users will involuntarily send their cookies (the ones associated with your application) to evil.example.org, and the receiving script steal.php can read all of the cookies from $_GET['cookies'].

To solve this problem you should filter input and escape output, but the least you can do is escape the data sent to clients using the htmlentities() function. It converts all special characters into their HTML entity equivalents. Thus, any character that the browser interprets in a special way is converted to its HTML entity equivalent, so its original value is preserved as text rather than interpreted as markup.
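The following is an added example, not code from the original post: it reconstructs the comment-display step the article describes, once by interpolating the user-supplied values directly and once through htmlentities(). The function names render_comment_unsafe, render_comment_safe and esc, and the constructed $name and $comment values, are assumptions for illustration; the comment uses a harmless script tag as a stand-in for the cookie-sending snippet the post mentions.

```php
<?php
// Added example (not from the original post). $name and $comment are
// assumed to come from untrusted user input, e.g. a comment form.

// Vulnerable: user input is interpolated straight into the HTML, so any
// tags it contains are parsed and executed by the browser.
function render_comment_unsafe(string $name, string $comment): string
{
    return "<p><b>$name</b>: $comment</p>\n";
}

// Escape helper: every character the browser treats specially becomes an
// entity. ENT_QUOTES also escapes ' and " so the value is safe inside
// quoted attributes; ENT_SUBSTITUTE replaces invalid byte sequences
// instead of returning an empty string; the charset is stated explicitly
// rather than relying on the PHP default.
function esc(string $s): string
{
    return htmlentities($s, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Escaped: the same markup, with each untrusted value passed through esc().
function render_comment_safe(string $name, string $comment): string
{
    return '<p><b>' . esc($name) . '</b>: ' . esc($comment) . "</p>\n";
}

// Constructed test input: a comment carrying a script tag, standing in for
// the cookie-sending snippet described in the article.
$name    = 'Mallory';
$comment = 'Nice picture! <script>alert("xss")</script>';

echo "Unsafe output (the script tag reaches the browser intact):\n";
echo render_comment_unsafe($name, $comment);

echo "\nEscaped output (the tag is shown as literal text, not executed):\n";
echo render_comment_safe($name, $comment);
```

The escaped output renders `<script>` as `&lt;script&gt;`, which the browser displays as text. Note that htmlentities() covers the HTML body and quoted attribute contexts only; a value placed inside a `<script>` block, an event-handler attribute or a URL needs escaping appropriate to that context, and escaping at output complements, rather than replaces, the input filtering the post recommends.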
That's all from me folks,

Regards,

Noor
