Question

Can anyone please tell me how to perform Cross Site Scripting (XSS) in a website? What are the different types of scripts that can be inserted into textboxes, address bar?

Solution

Cross-site scripting (XSS) appears when you try to print an unfiltered variable.

Simply, he can use JavaScript code like <script>alert(1)</script>

and any other HTML or JS code.

To secure it, I think you can use

htmlspecialchars(), htmlentities(), strip_tags()

But there is a way to bypass htmlspecialchars, only if magic_quotes is off and the variable is in a link.

Here he can use onmouseout='alert(1)'

or something like this.

There is the way to test and defend.

Best regards
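
The attribute case mentioned in the answer, as an added example that is not part of the original answer: the same value is rendered once with `ENT_COMPAT` inside a single-quoted attribute and once with `ENT_QUOTES`, and the output is parsed to list the attributes that end up on the link. The `/profile?name=` template and the function names are hypothetical; `ENT_COMPAT` is passed explicitly because PHP 8.1 changed the default flags of `htmlspecialchars()` to include `ENT_QUOTES`.

```php
<?php
// Constructed sample input: the attribute string quoted in the answer,
// as it might arrive in a request parameter.
$input = "x' onmouseout='alert(1)";

// Weak: ENT_COMPAT escapes " but leaves ' untouched (the default flag set
// before PHP 8.1), while the template delimits the attribute with '.
function render_weak(string $value): string
{
    $escaped = htmlspecialchars($value, ENT_COMPAT, 'UTF-8');
    return "<a href='/profile?name=" . $escaped . "'>profile</a>";
}

// Hardened: ENT_QUOTES escapes both quote characters, so the value cannot
// close the attribute whichever quote the template uses.
function render_hardened(string $value): string
{
    $escaped = htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    return '<a href="/profile?name=' . $escaped . '">profile</a>';
}

// Check: parse the markup and return the attribute names present on <a>.
// An event-handler attribute in this list means the value escaped its context.
function anchor_attributes(string $html): array
{
    $doc = new DOMDocument();
    $doc->loadHTML($html, LIBXML_NOERROR | LIBXML_NOWARNING);
    $names = [];
    foreach ($doc->getElementsByTagName('a')->item(0)->attributes as $attr) {
        $names[] = $attr->name;
    }
    return $names;
}

// Print both renderings and the attributes a parser sees in each.
foreach (['render_weak', 'render_hardened'] as $render) {
    $html = $render($input);
    echo $render, ': ', $html, PHP_EOL;
    echo '  attributes: ', implode(', ', anchor_attributes($html)), PHP_EOL;
}
```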

License: CC-BY-SA with attribution
Not affiliated with StackOverflow