Cross-Site Scripting in PHP ?

chinmay.sahoo · 12-30-2015, 05:49:45

By using the cross-site scripting technique,an attacker might be able to execute pieces of client-side scripting languages, such as JavaScript, and steal cookies or other sensitive data. Crosssite scripting is really not hard. The attacker only needs a way to insert raw data into the HTML of the site. For example, the attacker might enter
<script language="JavaScript">alert();</script> into an input box that does not strip any HTML tags. The following script illustrates this possibility:

Quote<html>
<head><title>XSS example</title></head>
<body>
<form>
<input name='foo' value='<?php echo $_GET['foo']; ?>'>
</form>
</html>

Quote'><script language='JavaScript'>alert('boo!');</script><a b='

Cross-Site Scripting in PHP ?

chinmay.sahoo