XSS URL attack prevention
Posted: Mon May 30, 2016 10:32 pm
by paul8088
I am a beginner and I am struggling with a kind of attack called (XSS). I tried these codes
Code:
/"><script>alert('hacked')</script>
/>"><script>alert("XSS")</script>&
on my
127.0.0.1/myweb/home.php?u=paul and then this is the result:
127.0.0.1/myweb/home.php/"><script>aler ... &?u=daniel. And now it appears that my web page has been hacked. I do not have any security or validation code to prevent this, so I am looking for sample code or advice to apply to my application. Thank you.
Re: XSS URL attack prevention
Posted: Tue May 31, 2016 6:19 am
by Celauran
Re: XSS URL attack prevention
Posted: Mon Dec 12, 2016 9:12 pm
by Vegan
paul8088 wrote: I am a beginner and I am struggling with a kind of attack called (XSS). I tried these codes
Code:
/"><script>alert('hacked')</script>
/>"><script>alert("XSS")</script>&
on my
127.0.0.1/myweb/home.php?u=paul and then this is the result:
127.0.0.1/myweb/home.php/"><script>aler ... &?u=daniel. And now it appears that my web page has been hacked. I do not have any security or validation code to prevent this, so I am looking for sample code or advice to apply to my application. Thank you.
I recommend using a secure password for your site, ftp credentials or WP as the case may be. This will keep miscreants out.
Re: XSS URL attack prevention
Posted: Tue Dec 13, 2016 8:02 am
by Celauran
Vegan wrote: paul8088 wrote: I am a beginner and I am struggling with a kind of attack called (XSS). I tried these codes
Code:
/"><script>alert('hacked')</script>
/>"><script>alert("XSS")</script>&
on my
127.0.0.1/myweb/home.php?u=paul and then this is the result:
127.0.0.1/myweb/home.php/"><script>aler ... &?u=daniel. And now it appears that my web page has been hacked. I do not have any security or validation code to prevent this, so I am looking for sample code or advice to apply to my application. Thank you.
I recommend using a secure password for your site, ftp credentials or WP as the case may be. This will keep miscreants out.
No, no it won't. If your site is vulnerable to cross site scripting, having a "secure password" won't do anything to prevent that. Ditto SQL injection and other common vulnerabilities. Secure passwords are great, but they're not a panacea.
Re: XSS URL attack prevention
Posted: Tue Dec 13, 2016 4:03 pm
by Christopher
Celauran wrote: No, no it won't. If your site is vulnerable to cross site scripting, having a "secure password" won't do anything to prevent that. Ditto SQL injection and other common vulnerabilities. Secure passwords are great, but they're not a panacea.
Yes, this is exactly right. CSS and SQL injection can happen on public search forms, login pages, etc. that are irrelevant to password security. And yes, strong passwords are still a good thing.
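For the sample code the original question asked for, here is an added example (not posted by anyone in this thread) of a hardened home.php. It assumes the page writes the u parameter and its own script path into the HTML, which the thread does not show; the helper names e() and username_from_query() and the username pattern are hypothetical.

```php
<?php
declare(strict_types=1);

// Escape a value for HTML text and quoted-attribute contexts.
function e(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Accept "u" only if it matches an allow-list pattern (assumed username rules).
function username_from_query(array $query): ?string
{
    $u = $query['u'] ?? '';
    if (!is_string($u) || preg_match('/\A[A-Za-z0-9_]{1,32}\z/', $u) !== 1) {
        return null;
    }
    return $u;
}

// SCRIPT_NAME stops at the script itself. PHP_SELF also carries any trailing
// path info, so a request for home.php/"><script>... would be reflected
// into the page if PHP_SELF were echoed unescaped.
$self = $_SERVER['SCRIPT_NAME'] ?? '/myweb/home.php';
$user = username_from_query($_GET);

header('Content-Type: text/html; charset=UTF-8');
// Second layer: a CSP without 'unsafe-inline' blocks injected inline scripts.
header("Content-Security-Policy: default-src 'self'");
header('X-Content-Type-Options: nosniff');

if ($user === null) {
    http_response_code(400);
    echo '<p>Invalid user.</p>';
    exit;
}
?>
<!DOCTYPE html>
<html>
<body>
  <h1>Welcome, <?= e($user) ?></h1>
  <form method="get" action="<?= e($self) ?>">
    <input type="text" name="u" value="<?= e($user) ?>">
    <button type="submit">Go</button>
  </form>
  <a href="<?= e($self . '?' . http_build_query(['u' => $user])) ?>">Permalink</a>
</body>
</html>
```

The escaping in e() is what neutralises the payloads from the first post; the allow-list check and the response headers are extra layers on top of it.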