How to perform Cross Site Scripting(XSS) [closed]
-
06-02-2021 - |
문제
Can anyone please tell me how to perform Cross Site Scripting (XSS) in a website?What are the different types of scripts that can be inserted into textboxes,addressbar?
해결책
cross site scripting (xss) apper when you tring to print un filtered variable
simply he can use javascript codes like <script>alert(1)</script>
and any other html or js codes
to secure it i think you can use
htmlspecialchars() , htmlentites() , strip_tags()
but there is way to bypass htmlspecialchars only if magic_quotes is off and variable is on link
here can use onmouseout='alert(1)'
or some thing like this
there is the way to test and defend
bestregards
제휴하지 않습니다 StackOverflow