mikefrederick Posted March 27, 2008
What is the real danger of XSS? If you can't inject PHP into the page then isn't any change you make just going to show up on your own computer?
discomatt Posted March 27, 2008
The biggest issue is usually user-inputted data that is eventually echoed from the server to other clients. Forum signatures, profiles, etc. The idea is if they can inject client-side scripting, they can pretty much mask your site, or change certain elements (i.e. form actions, etc.) to capture data. Any data inputted by a user that will eventually be echoed back to clients is vulnerable. One quick and easy solution is htmlentities() or a sanitization script like this one: http://htmlpurifier.org/
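Added example, not part of the post above or of any project's code: a stored forum signature echoed to other visitors as-is, next to the same output passed through htmlentities(). The function names and the sample values are hypothetical and constructed for illustration.

```php
<?php
declare(strict_types=1);

// Constructed sample data: values a user saved in their profile.
$signature   = 'Mike <script>alert(1)</script>';
$displayName = 'mike" onmouseover="alert(1)';

// Vulnerable: the stored value is placed into the page as markup, so every
// visitor's browser parses whatever tags the author of the signature typed.
function render_signature_unsafe(string $sig): string
{
    return '<div class="sig">' . $sig . '</div>';
}

// Output encoding helper. ENT_QUOTES encodes both " and ' so the result is
// also safe inside a quoted attribute; ENT_SUBSTITUTE replaces invalid UTF-8
// sequences instead of making htmlentities() return an empty string.
function e(string $value): string
{
    return htmlentities($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Hardened: the signature is treated as text, never as markup.
function render_signature_safe(string $sig): string
{
    return '<div class="sig">' . e($sig) . '</div>';
}

// Attribute context: the value is encoded AND the attribute is quoted.
// Encoding alone does not help if the attribute is left unquoted.
function render_name_safe(string $name): string
{
    return '<span class="user" title="' . e($name) . '">profile</span>';
}

echo render_signature_unsafe($signature), PHP_EOL;
echo render_signature_safe($signature), PHP_EOL;
echo render_name_safe($displayName), PHP_EOL;
```

Encoding at output time covers HTML text and quoted attribute values only; values placed in URLs, inline script or CSS need their own handling. When users are meant to post some markup, an allowlist sanitizer such as the HTML Purifier linked above is the tool for that case.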
aschk Posted March 27, 2008
XSS is done utilising JavaScript (in most cases I'm aware of). Basically, if someone is able to insert JavaScript into your pages (via form submission or otherwise) they can execute commands as the user that is currently utilising the site, i.e. make a form submission, change someone's profile information, send sensitive details to their own server. All bad, Google it for more info.
Naez Posted March 27, 2008
Was this the kind of attack that these forums were vulnerable to not too long ago?
discomatt Posted March 27, 2008
SMF has several vulnerabilities. XSS could have been used to sniff an admin password... but there are easier ways to get through SMF, so I doubt that.
PFMaBiSmAd Posted March 27, 2008
XSS also takes the form of server-side code injection (assuming that you are not validating all external data), where your code uses an include() statement with a parameter from the end of the URL as the file to be included and someone appends a URL to their page that outputs raw/unparsed PHP code that is then executed on your server, or if you do something like put external data through the eval() function. This can also take the form of user-supplied input that contains raw PHP code that you save into a file ending in .php and then that file is browsed to... or you have an upload function that allows a .php file to be uploaded and then browsed to... Just a few of the possible ways someone can put or run his script on your server.