Jump to content

Existing user? Sign In
Sign In

Remember me Not recommended on shared computers

Forgot your password?
Sign Up

Browse
- Forums
- Staff
- Leaderboard
- Guidelines
- Terms of Service
- More
Activity
- All Activity
- Search
- More
Join our Discord!
More
- More

PHP Coding Help

[SOLVED] Fixing XSS ?

By thryb
November 5, 2007 in PHP Coding Help

Share

https://forums.phpfreaks.com/topic/76088-solved-fixing-xss/

Recommended Posts

Member

thryb

Posted November 5, 2007

- Share

Posted November 5, 2007

Hi guys,

Lets say there is a xss vuln in my script at

http://www.domain.com/file/"><marquee><h1>vulnerable

How can I fix it ? I have no trouble with fixing the one that affect a variable ie file.php?var=xxx

But how do I fix the one right at the end of a file like the one up here? I dont get the /">.

Thanks in advance!

Quote

Link to comment

https://forums.phpfreaks.com/topic/76088-solved-fixing-xss/

Share on other sites

Azu

Advanced Member

Azu

Posted November 6, 2007

- Share

Posted November 6, 2007

Simple

Wherever you echo/print user submitted data, just be sure to escape it with something like htmlspecialchars

So instead of echo $_GET['variable']; do echo htmlspecialchars($_GET['variable']);

This also applies to $_POST and $_SERVER and data retrieved from databases (if people can put stuff into the database, such as in a forum system for example).

Quote

Link to comment

https://forums.phpfreaks.com/topic/76088-solved-fixing-xss/#findComment-385738

Share on other sites

Member

thryb

Posted November 6, 2007

Author

- Share

Posted November 6, 2007

Yes that I understand, but in that case

http://www.domain.com/file/"><marquee><h1>vulnerable

there is no variable posted? or is it simply $_GET['']?

Quote

Link to comment

https://forums.phpfreaks.com/topic/76088-solved-fixing-xss/#findComment-385749

Share on other sites

Azu

Advanced Member

Azu

Posted November 6, 2007

- Share

Posted November 6, 2007

$_GET['file'] maybe. Not sure. Post the PHP code that is outputting it and I can tell you.

Quote

Link to comment

https://forums.phpfreaks.com/topic/76088-solved-fixing-xss/#findComment-385751

Share on other sites

Regular Member

MadTechie

Posted November 6, 2007

- Share

Posted November 6, 2007

i assume you are using .htaccess

something like

Redirect /blar/file/ /?file=

check that and get the variable

Quote

Link to comment

https://forums.phpfreaks.com/topic/76088-solved-fixing-xss/#findComment-385754

Share on other sites

Member

thryb

Posted November 6, 2007

Author

- Share

Posted November 6, 2007

Ok I found out ... thanks both of you for your help! Didnt think about the .htaccess, there was one of my $_GET that wasnt htmlspecialchars and I forgot it was directed by my htaccess :-[

Thanks again for your help

Quote

Link to comment

https://forums.phpfreaks.com/topic/76088-solved-fixing-xss/#findComment-385760

Share on other sites

This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest

Reply to this topic...

× Pasted as rich text. Restore formatting

Only 75 emoji are allowed.

× Your link has been automatically embedded. Display as a link instead

× Your previous content has been restored. Clear editor

× You cannot paste images directly. Upload or insert images from URL.

Insert image from URL

×

Share

https://forums.phpfreaks.com/topic/76088-solved-fixing-xss/

Go to topic listing

×

Browse
- Back
- Forums
- Staff
- Leaderboard
- Guidelines
- Terms of Service
Activity
- Back
- All Activity
- Search
Join our Discord!

×

Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.