PHP Developers Network
http://forums.devnetwork.net/

XSS URL attack prevention
http://forums.devnetwork.net/viewtopic.php?f=34&t=142601
Page 1 of 1

Author:  paul8088 [ Mon May 30, 2016 10:32 pm ]
Post subject:  XSS URL attack prevention

I am beginner and I am struggling with kind of attack called (XSS). I tried this codes
Syntax: [ Download ] [ Hide ]
/"><script>alert('hacked')</script>
/>"
><script>alert("XSS")</script>&
on my [url]127.0.0.1/myweb/home.php?u=paul[/url] and then this is the result: [url]127.0.0.1/myweb/home.php/"><script>alert('hacked')</script>/>"><script>alert("XSS")</script>&?u=daniel[/url]. And now it appears that my web page is been hacked, I do not have any security or validation code to prevent this so I am looking for sample codes, or advices to apply on my application thank you.

Author:  Celauran [ Tue May 31, 2016 6:19 am ]
Post subject:  Re: XSS URL attack prevention

Start with this: http://php.net/manual/en/function.htmlspecialchars.php

Author:  Vegan [ Mon Dec 12, 2016 10:12 pm ]
Post subject:  Re: XSS URL attack prevention

paul8088 wrote:
I am beginner and I am struggling with kind of attack called (XSS). I tried this codes
Syntax: [ Download ] [ Hide ]
/"><script>alert('hacked')</script>
/>"
><script>alert("XSS")</script>&
on my [url]127.0.0.1/myweb/home.php?u=paul[/url] and then this is the result: [url]127.0.0.1/myweb/home.php/"><script>alert('hacked')</script>/>"><script>alert("XSS")</script>&?u=daniel[/url]. And now it appears that my web page is been hacked, I do not have any security or validation code to prevent this so I am looking for sample codes, or advices to apply on my application thank you.


I recommend using a secure password for your site, ftp credentials or WP as the case may be. This will keep miscreants out.

Author:  Celauran [ Tue Dec 13, 2016 9:02 am ]
Post subject:  Re: XSS URL attack prevention

Vegan wrote:
paul8088 wrote:
I am beginner and I am struggling with kind of attack called (XSS). I tried this codes
Syntax: [ Download ] [ Hide ]
/"><script>alert('hacked')</script>
/>"
><script>alert("XSS")</script>&
on my [url]127.0.0.1/myweb/home.php?u=paul[/url] and then this is the result: [url]127.0.0.1/myweb/home.php/"><script>alert('hacked')</script>/>"><script>alert("XSS")</script>&?u=daniel[/url]. And now it appears that my web page is been hacked, I do not have any security or validation code to prevent this so I am looking for sample codes, or advices to apply on my application thank you.


I recommend using a secure password for your site, ftp credentials or WP as the case may be. This will keep miscreants out.

No, no it won't. If your site is vulnerable to cross site scripting, having a "secure password" won't do anything to prevent that. Ditto SQL injection and other common vulnerabilities. Secure passwords are great, but they're not a panacea.

Author:  Christopher [ Tue Dec 13, 2016 5:03 pm ]
Post subject:  Re: XSS URL attack prevention

Celauran wrote:
No, no it won't. If your site is vulnerable to cross site scripting, having a "secure password" won't do anything to prevent that. Ditto SQL injection and other common vulnerabilities. Secure passwords are great, but they're not a panacea.

Yes, this is exactly right. CSS and SQL injection can happen on public search forms, login pages, etc. that are irrelevant to password security. And yes, strong password are still a good thing.

Page 1 of 1 All times are UTC - 5 hours
Powered by phpBB® Forum Software © phpBB Group
http://www.phpbb.com/