2009
10.19

What does XSS look like? How can we determine if a site has been attacked, or if its code is vulnerable? The exploit usually looks something like this:

<script>alert('XSS!');</script>

A normal user should not be able to execute JavaScript on anyone else's client through the site. If input like that gets stored anywhere in the database and is output to other users later, it could mean that their sessions get stolen.

Here's a more specific example:

<html>
<head></head>
<body>
<form action="vuln.php" method="POST">
<input type="text" name="input" />
<input type="submit" value="XSS" />
</form>
 
</body>
</html>

An HTML form to test the vulnerable code.

<?php
$input = $_POST['input'];
echo stripslashes($input); //stripslashes just in case magic quotes is on, for demonstration
?>

The vulnerable file, vuln.php.

If you put the above input in the form, you will see something like this:

A screenshot of an XSS attack.

If you don't filter for the character set {<, >, ', ", \, /} you could wind up with some nasty attacks like these. There are several ways to prevent it, from simple string replacement to regular expressions, but if you want a quick and dirty way to solve the problem, we'll turn to the OWASP (The Open Web Application Security Project) PHP sanitization library here.

You can turn the code into this:

<?php
include_once('sanitize.inc.php');
$input = sanitize($_POST['input'], 8); // 8 is the bit flag that tells the OWASP sanitizer to sanitize for HTML output
echo stripslashes($input); // stripslashes just in case magic quotes is on, for demonstration
?>

And your code will be patched.
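As an added example that is not from the original post, here is the same fix done with PHP's built-in htmlspecialchars() instead of the OWASP library, run from the command line against the post's own payload. The function names and the second sample input are mine.

```php
<?php
// Added example (not from the original post): encoding form input for an
// HTML body/attribute context. Constructed inputs, no web server needed.
declare(strict_types=1);

// What the post's vuln.php does: echo the raw value straight into the page.
function render_unsafe(string $input): string
{
    return $input;
}

// Hardened version. ENT_QUOTES encodes both ' and " so the value is also safe
// inside quoted attributes; ENT_SUBSTITUTE replaces invalid UTF-8 bytes instead
// of silently returning an empty string.
// Caveat: htmlspecialchars() leaves / and \ untouched. Those two characters from
// the post's list only matter in other output contexts (JavaScript strings, URLs),
// which need their own encoder rather than this one.
function render_safe(string $input): string
{
    return htmlspecialchars($input, ENT_QUOTES | ENT_SUBSTITUTE | ENT_HTML5, 'UTF-8');
}

// Stand-in for the screenshot: does the rendered HTML still contain any of the
// characters that let input become markup?
function still_contains_markup_chars(string $html): bool
{
    return preg_match('/[<>\'"]/', $html) === 1;
}

$samples = [
    "<script>alert('XSS!');</script>",  // the post's payload (constructed here)
    "O'Reilly & Sons <3",               // legitimate text that must survive encoding intact
];

foreach ($samples as $s) {
    $unsafe = render_unsafe($s);
    $safe   = render_safe($s);
    printf("input : %s\n", $s);
    printf("unsafe: %s  (markup chars left: %s)\n", $unsafe,
        still_contains_markup_chars($unsafe) ? 'yes' : 'no');
    printf("safe  : %s  (markup chars left: %s)\n\n", $safe,
        still_contains_markup_chars($safe) ? 'yes' : 'no');
}
```

The encoded legitimate string still displays as O'Reilly & Sons <3 once the browser renders the entities, so output encoding fixes the bug without mangling real data.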
