Cross-Site Scripting in PHP ?

Author Topic: Cross-Site Scripting in PHP ?  (Read 474 times)

Offline chinmay.sahooTopic starter

  • Trade Count: (0)
  • Full Member
  • ***
  • Thank You 2
  • Posts: 153
  • Karma: 0
    • No Addiction
Cross-Site Scripting in PHP ?
« on: 12-30-2015, 03:49:45 »
By using the cross-site scripting technique,an attacker might be able to execute pieces of client-side scripting languages, such as JavaScript, and steal cookies or other sensitive data. Crosssite scripting is really not hard. The attacker only needs a way to insert raw data into the HTML of the site. For example, the attacker might enter
<script language="JavaScript">alert();</script> into an input box that does not strip any HTML tags. The following script illustrates this possibility:

Quote
<html>
<head><title>XSS example</title></head>
<body>
<form>
<input name='foo' value='<?php echo $_GET['foo']; ?>'>
</form>
</html>

Quote
'><script language='JavaScript'>alert('boo!');</script><a b='


 

Related Topics

  Subject / Started by Replies Last post
0 Replies
741 Views
Last post 12-25-2012, 01:03:08
by weiku775
0 Replies
890 Views
Last post 12-25-2012, 01:16:43
by weiku775
6 Replies
2209 Views
Last post 09-01-2015, 00:58:50
by akashsharma
7 Replies
3483 Views
Last post 05-24-2016, 01:14:01
by MaryGreen
8 Replies
1693 Views
Last post 11-05-2016, 00:28:43
by SerenMckay