How to perform Cross Site Scripting(XSS) [closed]
-
06-02-2021 - |
Frage
Can anyone please tell me how to perform Cross Site Scripting (XSS) in a website?What are the different types of scripts that can be inserted into textboxes,addressbar?
Lösung
cross site scripting (xss) apper when you tring to print un filtered variable
simply he can use javascript codes like <script>alert(1)</script>
and any other html or js codes
to secure it i think you can use
htmlspecialchars() , htmlentites() , strip_tags()
but there is way to bypass htmlspecialchars only if magic_quotes is off and variable is on link
here can use onmouseout='alert(1)'
or some thing like this
there is the way to test and defend
bestregards
Lizenziert unter: CC-BY-SA mit Zuschreibung
Nicht verbunden mit StackOverflow