xss attack on a php page

by

An XSS attack is one in which the page allows allows users to inject script blocks into the rendered HTML. So, first you must figure out how to do that. For instance, if the input from the user gets displayed on the page and it isn’t html escaped then a user could do the following:

User enters : 

<script>alert('testing');</script>

Following that, if when when viewing the page an alert is shown then the page is vulnerable to XSS.

Therefore if the user enters JavaScript as follows:

<script>window.location.href = "http://www.whatever.com";</script>

The user would be redirected.

More Related Contents:

  1. CodeIgniter – why use xss_clean
  2. How can I sanitize user input with PHP?
  3. What are the best practices for avoiding xss attacks in a PHP site [closed]
  4. The ultimate clean/secure function
  5. Do htmlspecialchars and mysql_real_escape_string keep my PHP code safe from injection?
  6. Best way to defend against mysql injection and cross site scripting
  7. How can I properly escape HTML form input default values in PHP?
  8. “slash before every quote” problem [duplicate]
  9. How do you set up use HttpOnly cookies in PHP
  10. how to make css work with php? [closed]
  11. How do you parse and process HTML/XML in PHP?
  12. How do you Encrypt and Decrypt a PHP String?
  13. Form inside of $.load not posting correctly
  14. SQL injections in ADOdb and general website security
  15. How can I replace newline or \r\n with ?
  16. In a PHP / Apache / Linux context, why exactly is chmod 777 dangerous?
  17. Submit an HTML form with empty checkboxes
  18. encrypt and decrypt md5
  19. best practice to generate random token for forgot password
  20. Need a good regex to convert URLs to links but leave existing links alone
  21. Why is textarea filled with mysterious white spaces?
  22. uploading a file in chunks using html5
  23. display data from SQL database into php/ html table [closed]
  24. What is the best practice to use when using PHP and HTML?
  25. XSS filtering function in PHP
  26. Browser displays � instead of ´
  27. Convert HTML to Image in PHP without shell
  28. Is it possible to capture search term from Google search?
  29. Safe alternatives to PHP Globals (Good Coding Practices)
  30. Single Session Login in Laravel

Leave a Comment