shaukathayder Posted November 24, 2010

I am having problems with the security issue of XSS with a site which I have prepared. I have a form:

```php
<table width="100%" border="0" bgcolor=#e3e8ef>
<?php if($vld == "no") { ?>
  <tr>
    <td height="30" colspan="2"><div align="center" class="papers style2">Illegal characters found! Unable to send mail </div></td>
  </tr>
<?php } ?>
  <tr>
    <td width="51%"><font size="2" face="Verdana, Arial, Helvetica, sans-serif" color="#3b3b3b">From </font></td>
    <td width="49%"> <font size="2" face="Verdana, Arial, Helvetica, sans-serif" color="#3b3b3b">
      <input name="emfrom" value="<?php if (isset($_POST['Submit'])) {echo $_POST['emfrom']; }?>" size="40">
    </font></td>
  </tr>
  <tr>
    <td width="51%"><font size="2" face="Verdana, Arial, Helvetica, sans-serif" color="#3b3b3b">Subject </font></td>
    <td width="49%"> <font size="2" face="Verdana, Arial, Helvetica, sans-serif" color="#3b3b3b">
      <input name="emsub" size="40" value="<?php if (isset($_POST['Submit'])) {echo $_POST['emsub']; }?>">
    </font></td>
  </tr>
  <tr>
    <td width="51%"><font size="2" face="Verdana, Arial, Helvetica, sans-serif" color="#3b3b3b">To</font></td>
    <td width="49%"> <font size="2" face="Verdana, Arial, Helvetica, sans-serif" color="#3b3b3b">
      <select name="emto" >
        <option value="[email protected]" <?php if ($_POST['emto'] == "[email protected]") {echo "Selected"; }?>>DGP</option>
        <option value="[email protected]" <?php if ($_POST['emto'] == "[email protected]") {echo "Selected"; }?>>DIGP(A)</option>
        <option value="[email protected]" <?php if ($_POST['emto'] == "[email protected]") {echo "Selected"; }?>>IGP(SB)</option>
      </select>
    </font></td>
  </tr>
  <tr>
    <td colspan="2"><font size="2" face="Verdana, Arial, Helvetica, sans-serif" color="#3b3b3b">Message Body :</font><font size="2" face="Verdana, Arial, Helvetica, sans-serif" color="#3b3b3b"></font></td>
  </tr>
  <tr>
    <td width="51%"><font size="2" face="Verdana, Arial, Helvetica, sans-serif" color="#3b3b3b"></font></td>
    <td width="49%"> <font size="2" face="Verdana, Arial, Helvetica, sans-serif" color="#3b3b3b">
      <textarea cols=55 name=embody rows=10><?php if (isset($_POST['Submit'])) {echo $_POST['embody']; }?></textarea>
    </font></td>
  </tr>
  <tr bgcolor="#FFFFFF">
    <td colspan="2"><div align="center"><img id="siimage" align="center" style="padding-right: 5px; border: 0" src="securimage_show.php?sid=<?php echo md5(time()) ?>" />
      <a tabindex="-1" style="border-style: none" href="#" title="Refresh Image" onclick="document.getElementById('siimage').src = 'securimage_show.php?sid=' + Math.random(); return false"><img src="images/refresh.gif" alt="Reload Image" border="0" onclick="this.blur()" align="bottom" /></a></div></td>
  </tr>
  <tr>
    <td colspan="2"><font size="2" face="Verdana, Arial, Helvetica, sans-serif" color="#3b3b3b">Security Code:</font></td>
  </tr>
  <tr>
    <td> </td>
    <td><input type="text" name="code" size="12" /></td>
  </tr>
<?php if($helpTxt != "") {?>
  <tr>
    <td> </td>
    <td><div align="center" class="style1">
      <div align="left"><?php echo $helpTxt?></div>
    </div></td>
  </tr>
<?php } ?>
</table>
```

and on submitting the form I have written the following code:

```php
$vld="yes";
$myname = cleanInputs($_POST['emfrom']);
$myname = htmlspecialchars(htmlentities(strip_tags($myname),ENT_QUOTES));
if(absuse($myname)) $vld="no";
if(CheckWords($myname)) $vld="no";
$myemail = "[email protected]";
$contactname = "Helpline";
$contactemail = cleanInputs($_POST['emto']);
$contactemail = htmlspecialchars(htmlentities(strip_tags($contactemail),ENT_QUOTES));
if($vld == "yes") {
    if(absuse($contactemail)) $vld="no";
    if(CheckWordsEmail($contactemail)) $vld="no";
}
```

but the security agency who is doing the security check (XSS issue for the site) still says that there are vulnerabilities for the XSS issues. Can anyone help me out on that issue? I need the solution a little urgently.
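The form in the post writes `$_POST['emfrom']`, `$_POST['emsub']` and `$_POST['embody']` back into the page unescaped when it is redisplayed, and the `htmlspecialchars(htmlentities(...))` calls in the submit handler only touch copies used for the mail, not the values the form echoes. The following is an added example, not the poster's code, of the same four fields rendered with escaping applied at output time; it assumes UTF-8 output, and the recipient keys in `RECIPIENTS` and the sample submission are constructed for illustration (the poster's real addresses are not reproduced).

```php
<?php
// Added example (not the poster's code): escape every untrusted value at the
// point where it is written into HTML, rather than "cleaning" it on submit.
// Assumes the page is served as UTF-8.

declare(strict_types=1);

/** Escape a string for use as HTML text or inside a quoted attribute. */
function e(string $value): string
{
    // ENT_QUOTES escapes both " and ', so the value is safe in either kind of
    // attribute quoting; ENT_SUBSTITUTE keeps malformed UTF-8 from turning the
    // whole value into an empty string, which would silently drop input.
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

/** Allow-list of recipients; the key is what the browser submits (constructed). */
const RECIPIENTS = [
    'dgp'  => 'DGP',
    'diga' => 'DIGP(A)',
    'igsb' => 'IGP(SB)',
];

/**
 * Render the From, Subject, To and Message Body fields, re-filling them from
 * a previous submission the way the original form does, with every echoed
 * value escaped and the selected recipient taken only from the allow-list.
 */
function renderEmailForm(array $post): string
{
    $from    = (string)($post['emfrom'] ?? '');
    $subject = (string)($post['emsub']  ?? '');
    $body    = (string)($post['embody'] ?? '');
    $toKey   = (string)($post['emto']   ?? '');
    // Anything that is not a known key is simply not selected.
    if (!array_key_exists($toKey, RECIPIENTS)) {
        $toKey = '';
    }

    $html  = '<input name="emfrom" size="40" value="' . e($from) . '">' . "\n";
    $html .= '<input name="emsub" size="40" value="' . e($subject) . '">' . "\n";
    $html .= '<select name="emto">' . "\n";
    foreach (RECIPIENTS as $key => $label) {
        $selected = ($key === $toKey) ? ' selected' : '';
        $html .= '  <option value="' . e($key) . '"' . $selected . '>' . e($label) . "</option>\n";
    }
    $html .= "</select>\n";
    // Textarea content is a text node: angle brackets must still be escaped,
    // otherwise a closing </textarea> in the input ends the element early.
    $html .= '<textarea cols="55" rows="10" name="embody">' . e($body) . "</textarea>\n";
    return $html;
}

// Constructed sample submission containing the characters that break out of
// an attribute or a text node when echoed raw.
$sample = [
    'emfrom' => 'Jane "Doe" <jane@example.invalid>',
    'emsub'  => "Tom & Jerry's report",
    'emto'   => 'diga',
    'embody' => "Line 1\n</textarea>Line 2",
];

echo renderEmailForm($sample);
```

Running this prints the fields with `"`, `<`, `>`, `&` and `'` converted to entities, so the quoted input stays inside its attribute and the `</textarea>` in the body stays inside the textarea. Two smaller points from the original code also go away: the `$_POST['emto'] == "..."` comparisons are evaluated without `isset()` on the first page load, and chaining `htmlspecialchars()` after `htmlentities()` double-encodes `&` (for example `&amp;` becomes `&amp;amp;`), so a single `htmlspecialchars()` call at output time is both simpler and correct.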
https://forums.phpfreaks.com/topic/219689-xss-help-with-php/