------------------test.php-------------------> http://localhost/test.php?name=John
<?php echo "Welcome to our site " . stripslashes($name); ?>
--------------------------------------------
-> http://localhost/test.php?name=<script language=javascript>alert('Hey, you are going to be hijacked!');</script>"
-> http://localhost/test.php?name=<script language=javascript>setInterval("window.open('http://www.google.com','innerName')",1000);</script>
--------------------------------------------
------------------test1.php-------------------> http://localhost/test2.php?name=John
<?php
function validateQueryString ( $queryString , $min=1, $max=32 ) {
if ( !preg_match( "/^[a-zA-Z0-9]{".$min.",".$max."}$/", $queryString ) ) {
return false;
}
return true;
}
if ( !validateQueryString ( $name ) ) {
echo "The cross site scripting is not allowed.";
}
else {
echo "Welcome to our site " . stripslashes($name);
}
?>
--------------------------------------------
-> http://localhost/test1.php?name=<script language=javascript>alert('Hey, you are going to be hijacked!');</script>
--------------------------------------------
Reference:
Acunetix Web Vulnerability Scanner
Paros - for web application security assessment
Rational AppScan Standard Edition V7.8
A Quick Look at Cross Site Scripting
No comments:
Post a Comment