A Quick Look at Cross Site Scripting - What is Cross Site Scripting? (
Page 2 of 6 )
To understand what Cross Site Scripting is, let’s see a usual situation, common to many sites. Let’s say we are taking some information passed in on a querystring (the string after the (?) character within a URL), with the purpose of displaying the content of a variable, for example, the visitor’s name:
http://www.yourdomain.com/welcomedir/welcomepage.php?name=John
As we can see in this simple querystring, we are passing the visitor’s name as a parameter in the URL, and then displaying it on our “welcomepage.php” page with the following PHP code:
<?php
echo ‘Welcome to our site ’ . stripslashes($_GET[‘name’]);
?>
The result of this snippet is shown below:
Welcome to our site John
This is pretty simple and straightforward. We’re displaying the content of the “name” variable, by using the $_GET superglobal PHP array, as we have done probably hundreds of times. Everything seems to be fine. Now, what’s wrong with this code? Nothing really. But let’s modify the querystring by replacing our visitor’s name passed in the URL:
http://www.yourdomain.com/welcomedir/
welcomepage.php?name=John
with something like this:
http://www.yourdomain.com/welcomedir/
welcomepage.php?name=
<script language=javascript>alert
(‘Hey, you are going to be hijacked!’);</script>
Do you remember the PHP code included in our “welcome.php” page? Yes, you’re correct. When we modify the querystring, the following code is executed:
<?php
echo ‘Welcome to our site ‘ .
<script language=javascript> alert(‘Hey, you are going
to be hijacked!’);</script>
?>
The output of this code is an alert JavaScript box telling you “Hey, you are going be hijacked!” after the “Welcome to our site” phrase.
Very ugly stuff, right? That’s a simple example of the Cross Site Scripting vulnerability. This means that any pasted JavaScript code into the URL will be executed happily with no complaints at all.
Keep reading. There‘s more yet to be revealed!
| | Discuss A Quick Look at Cross Site Scripting | | | | | | | Woah, the possibilities of this have never crossed my mind. Great article! | | | | | | Um, how is this solution better than using such built-in PHP functions as... | | | | | |
I always use this:
<?php
/**
* Remove slashes, tags and ASCIIZ from GET,... | | | | | | You *never* *ever* do something like:
echo $_GET['variable'];
this does not... | | | | | | Hello,
I'm the author of the article.Cheers.
I totally agree that echoing GET... | | | | | | Hello,
Because I wrote the article, I must thank you for the comment. It's great... | | | | | | Hello again,
Also,it's worthy considering that JavaScript embbeded into links, is... | | | | | | I don't think this article creates a real scary threat, If you use javascript to... | | | | | | Hello,
Thank you for commenting on my article. With regard to your comment I must... | | | | | | the problem is you're not actually *validating* your input. You're just altering it... | | | | | | Thank you for your comments on this article. Well, you're correct when you say the... | | | | | | First it need to be noted that no php security scripting will replace a improperly... | | | | | | whichever admin reviewed the above scripts i submitted screwed them up.
there... | | | | | | here is the second one that requires CCISECURITY.PHP
<?php
#####
#
# ... | | | | | | here is the third one i mentioned .
it is a stand-alone secueirty class providing... | | | | | | Thank you for posting this extremely useful set of classes with reference to... | | | | | | As I posted before, I greatly appreciate the group of excellent classes you listed... | | | | | | >>> Post your comment now! | | | | | |
|
 |
