Jump to content

I've noticed a common problems

shank888

By shank888
in PHP Coding Help

 Share

Recommended Posts

phpSensei Advanced Member

phpSensei

Posted
Posted

Google: XSS prevention - 1st link

Google: Sql Injection - 1st link

Google: Hijacking Forms - 1st link

 

http://ha.ckers.org/xss.html

http://www.tizag.com/mysqlTutorial/mysql-php-sql-injection.php

http://www.anders.com/projects/sysadmin/formPostHijacking/

 

God, I am sick of people asking these stupid questions all the time, I don't care what you guys will say, I know this is a Help Section, but this is no where near wanting help but just for us to go and fetch stuff for you.

 

GOOGLE!

 

argue with me, i dont care.

shank888 Member

shank888

Posted
  • Author
Posted

Maby it's time to make and XSS protection stiky thread where we can find everything we need ... how to prevent ... how to protect aganst it for global applications and not just one at the time.

 

I agree with this.

 

And for the other guy I went to those exact sites. I know what they are. I dont understand what the sites are saying So i came here.

If you're soo brilliant maybe you can explain it?

phpSensei Advanced Member

phpSensei

Posted
Posted

Maby it's time to make and XSS protection stiky thread where we can find everything we need ... how to prevent ... how to protect aganst it for global applications and not just one at the time.

 

I agree with this.

 

And for the other guy I went to those exact sites. I know what they are. I dont understand what the sites are saying So i came here.

If you're soo brilliant maybe you can explain it?

 

What they are? Just read the damn page, XSS is malicious code inserted into vulnerable parts of your site, like a form. Its usually HTML code that can be viewed by other members, or client-side scripts.

 

And what can i say about Sql injection other then someone breaking your query, by finding unprotected HTTP vars, or even forms..

 

http://en.wikipedia.org/wiki/SQL_injection

http://en.wikipedia.org/wiki/Cross-site_scripting

mainewoods Newbie

mainewoods

Posted
Posted

if your version of php supports it, one easy thing you can do is use the 7nth parameter of setcookie ($httponly) so that the cookie is not accessable by javascript: 

setcookie ( string $name [, string $value [, int $expire [, string $path [, string $domain [, bool $secure [, bool $httponly ]]]]]] )

http://us3.php.net/manual/en/function.setcookie.php

 

not all browsers implement the httponly cookie feature right now, but I expect more and more will and it would stop all current xss attack methods in their tracks. 

This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
 Share
Go to topic listing
×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.