Code:
/"><script>alert('hacked')</script>
/>"><script>alert("XSS")</script>&

> paul8088 wrote:
> I am a beginner and I am struggling with a kind of attack called (XSS). I tried these codes on my 127.0.0.1/myweb/home.php?u=paul and then this is the result: 127.0.0.1/myweb/home.php/"><script>aler ... &?u=daniel. And now it appears that my web page has been hacked. I do not have any security or validation code to prevent this, so I am looking for sample codes or advice to apply on my application, thank you.
> Code:
> /"><script>alert('hacked')</script>
> />"><script>alert("XSS")</script>&

I recommend using a secure password for your site, ftp credentials or WP as the case may be. This will keep miscreants out.

> Vegan wrote:
> > paul8088 wrote:
> > I am a beginner and I am struggling with a kind of attack called (XSS). I tried these codes on my 127.0.0.1/myweb/home.php?u=paul and then this is the result: 127.0.0.1/myweb/home.php/"><script>aler ... &?u=daniel. And now it appears that my web page has been hacked. I do not have any security or validation code to prevent this, so I am looking for sample codes or advice to apply on my application, thank you.
> > Code:
> > /"><script>alert('hacked')</script>
> > />"><script>alert("XSS")</script>&
>
> I recommend using a secure password for your site, ftp credentials or WP as the case may be. This will keep miscreants out.

No, no it won't. If your site is vulnerable to cross site scripting, having a "secure password" won't do anything to prevent that. Ditto SQL injection and other common vulnerabilities. Secure passwords are great, but they're not a panacea.

> Celauran wrote:
> No, no it won't. If your site is vulnerable to cross site scripting, having a "secure password" won't do anything to prevent that. Ditto SQL injection and other common vulnerabilities. Secure passwords are great, but they're not a panacea.

Yes, this is exactly right. CSS and SQL injection can happen on public search forms, login pages, etc. that are irrelevant to password security. And yes, strong passwords are still a good thing.
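
The sample code asked for in the first post, as an added example that is not part of any post in this thread: the vulnerable output pattern next to its escaped form. It assumes home.php writes the `u` parameter and its own path (`$_SERVER['PHP_SELF']`) into the HTML, since the thread never shows the page's source; the function names `e`, `render_unsafe` and `render_safe` are hypothetical.

```php
<?php
// Added example; home.php's real source is not shown in the thread.
// Assumption: the page reflects the `u` parameter and its own path
// ($_SERVER['PHP_SELF']) into HTML, which is where the payload lands.

/** Escape a value for HTML text or a quoted attribute. */
function e(string $value): string
{
    // ENT_QUOTES covers both " and ', so the value cannot close an attribute.
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

/** Vulnerable rendering: request data is concatenated into markup as-is. */
function render_unsafe(string $self, string $user): string
{
    return '<form action="' . $self . '" method="get">'
         . '<p>Profile of ' . $user . '</p></form>';
}

/** Hardened rendering: validate the name, escape everything at output. */
function render_safe(string $self, string $user): string
{
    // Allow-list for the user name (hypothetical rule: 1-32 word characters).
    if (!preg_match('/\A\w{1,32}\z/', $user)) {
        $user = 'unknown';
    }
    return '<form action="' . e($self) . '" method="get">'
         . '<p>Profile of ' . e($user) . '</p></form>';
}

// Constructed sample input modelled on the URL quoted in the thread.
$self = '/myweb/home.php/"><script>alert(\'hacked\')</script>';
$user = 'daniel';

echo render_unsafe($self, $user), "\n"; // script tag reaches the browser intact
echo render_safe($self, $user), "\n";   // markup characters arrive as entities
```

In a real page, `$_SERVER['SCRIPT_NAME']` can replace `PHP_SELF` for the form action, because it does not include the extra path text appended after `home.php`.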