XSS / Cross Site Scripting

Taken from my website, dot-silver.co.uk

This article will be about XSS: what is it? How to prevent it.

XSS, or CSS (not to be confused with Cascading Style Sheets), stands for Cross Site Scripting and is done when using PHP navigation. So if you are using PHP navigation, great, you should likely read this.

Say you have your links looking like so: ?x=page and your code looks like this.

Code:
```php
<?php
// Vulnerable: $x comes straight from the query string and is included as-is.
$x = $_GET['x'];
include($x.'.php');
?>
```

?x=http://www.google.com

That would insert google.com into the content area. Sure, that's harmless, but the idea of XSS is that malicious users can put very malicious code onto your own server and attack your server. By attacking it, this can do all sorts such as over-doing the bandwidth, or trying to hack into accounts or even modify information. This could be somewhat like the following URL.

?x=http://www.site.com/bad/script/to/hack

Not good, right? But how do you overcome this? Simple really: if you put all of your pages into a folder, such as pages, then you've finally overcome XSS. Here's the code.

Code:
```php
<?php
// Prefix the requested name with the pages folder before including it.
$x = $_GET['x'];
include('/pages/'.$x.'.php');
?>
```

The include now resolves to http://www.yoursite.com/pages/$x.php and not $x.php.
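A hardened version of the page loader discussed above, added here as an example (it is not the poster's code): a prefix alone still lets a requested name containing `../` leave the folder, so this resolver combines an explicit allowlist with a realpath containment check. It assumes the pages live in a `pages/` directory next to the script and that the valid page names (`home`, `about`, `contact`) are known in advance.

```php
<?php
// Added example, not from the original post. Assumes ./pages/<name>.php files
// and a fixed list of page names. Also assumes allow_url_include is off (the
// PHP default), so a URL can never reach include() in the first place.

function resolve_page(string $requested, string $pagesDir, array $allowed): ?string
{
    // 1. Allowlist: only names we know about, compared exactly (no casting).
    if (!in_array($requested, $allowed, true)) {
        return null;
    }

    // 2. Defence in depth: the resolved file must sit inside $pagesDir.
    $base = realpath($pagesDir);
    $path = realpath($pagesDir . '/' . $requested . '.php');
    if ($base === false || $path === false) {
        return null; // directory or file does not exist
    }
    $prefix = $base . DIRECTORY_SEPARATOR;
    if (strncmp($path, $prefix, strlen($prefix)) !== 0) {
        return null; // resolved outside the pages directory
    }
    return $path;
}

$allowed = ['home', 'about', 'contact'];
$x = $_GET['x'] ?? 'home';

$page = resolve_page($x, __DIR__ . '/pages', $allowed);
if ($page === null) {
    // Unknown or out-of-bounds page: fail closed instead of including anything.
    http_response_code(404);
    echo 'Page not found';
    exit;
}
include $page;
```

With this in place, ?x=../config or ?x=http://example.com/evil both return a 404 rather than reaching include().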