03 September 2009

Cross-Site Scripting

Set up the WampServer as explained here.
------------------test.php------------------
<?php // Deliberately vulnerable: the name parameter is echoed without output encoding.
echo "Welcome to our site " . stripslashes($_GET['name']); ?>
--------------------------------------------
-> http://localhost/test.php?name=John
-> http://localhost/test.php?name=<script language=javascript>alert('Hey, you are going to be hijacked!');</script>
-> http://localhost/test.php?name=<script language=javascript>setInterval("window.open('http://www.google.com','innerName')",1000);</script>
--------------------------------------------

------------------test1.php------------------
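<?php
// Allow-list check: accept only $min..$max ASCII letters and digits.
function validateQueryString ( $queryString, $min = 1, $max = 32 ) {
    // The D modifier stops "$" from matching before a trailing newline.
    return is_string( $queryString )
        && preg_match( "/^[a-zA-Z0-9]{" . $min . "," . $max . "}$/D", $queryString ) === 1;
}

// Read the parameter explicitly instead of relying on register_globals.
$name = isset( $_GET['name'] ) ? $_GET['name'] : '';

if ( !validateQueryString( $name ) ) {
    echo "The cross site scripting is not allowed.";
}
else {
    echo "Welcome to our site " . stripslashes($name);
}
?>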
--------------------------------------------
-> http://localhost/test1.php?name=John
-> http://localhost/test1.php?name=<script language=javascript>alert('Hey, you are going to be hijacked!');</script>
--------------------------------------------
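
The allow-list in test1.php rejects every name that contains a character outside a-z, A-Z and 0-9, which includes legitimate names. The following is an added example, not code from the original post: it compares that check with encoding at output time using PHP's htmlspecialchars(). The helper name renderGreeting and the sample inputs are assumptions made for illustration.

```php
<?php
// Added example (not from the original post). Sample inputs are constructed.

// The allow-list check from test1.php: 1..32 ASCII letters or digits.
function validateQueryString($queryString, $min = 1, $max = 32) {
    return is_string($queryString)
        && preg_match("/^[a-zA-Z0-9]{" . $min . "," . $max . "}$/D", $queryString) === 1;
}

// Hypothetical helper: encode the value for an HTML text context at output time.
function renderGreeting($name) {
    if (!is_string($name) || $name === '') {
        return "Welcome to our site guest";
    }
    // ENT_QUOTES encodes both quote styles; the charset must match the page's.
    return "Welcome to our site " . htmlspecialchars($name, ENT_QUOTES, 'UTF-8');
}

$samples = array(
    "John",
    "O'Brien",       // legitimate, but rejected by the allow-list
    "Anne-Marie",    // legitimate, but rejected by the allow-list
    "<script language=javascript>alert('Hey, you are going to be hijacked!');</script>",
    "John\n",        // trailing newline, rejected because of the D modifier
);

foreach ($samples as $s) {
    printf("input    : %s\n", json_encode($s));
    printf("allowlist: %s\n", validateQueryString($s) ? "accepted" : "rejected");
    // The markup characters come out as &lt; &gt; &#039; and render as text.
    printf("encoded  : %s\n\n", renderGreeting($s));
}
?>
```

htmlspecialchars() covers HTML text and quoted attribute values only; values placed inside script blocks, URLs or CSS need encoding specific to that context.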

