Re: XSS and textarea
Programming Web Development, by digital-ether
> Do you need to validate a textarea against XSS injections? I have a textarea on a reg form and…
… encoding of the input data correctly in order to prevent XSS - something which is easily overlooked.

XSS and textarea
Programming Web Development, by skinbug
Do you need to validate a textarea against XSS injections? I have a textarea on a reg form and …

XSS and SQL Injection
Programming Web Development, by cheapterp
… addition to the cfqueryparam tag). Am I still vulnerable to XSS and SQL Injection? Do I need to filter meta-characters…

XSS how to bypass <>
Programming Web Development, by begueradj
Hello, how can we bypass a filter that checks "<>" in order to perform an XSS attack? Thanks in advance, Begueradj

XSS injection
Programming Web Development, by iConqueror
… the input field. I believe it's some kind of anti-XSS embedded into Chrome that prevents injecting script tags. Can anyone…

Re: XSS injection
Programming Web Development, by hericles
I can confirm this as true. It's not perfect, however; you can fudge the script tags in various ways that the script analyser will ignore and pass through (I saw some methods that use comment delimiters). But inputting <script> tags into inputs in Chrome doesn't work; they get scrubbed out. I think Safari has anti-XSS as well.

XSS website vulnerability
Programming Web Development, by RoDaGo
Hi, I've had a report that my website has an XSS vulnerability (specific details have not yet been provided). Can anyone recommend any software that I can use to test my site for weaknesses, please? Thank you.

Re: display a different content of a website with XSS
Programming Web Development, by digital-ether
> … other subforums. I have this assignment to demonstrate simple XSS (cross site scripting).
> I have to craft a URL…, they often talk about the more complex version of XSS. Anyone familiar with this?
You need to first …create a webpage with an XSS vulnerability. This is any dynamic website that displays input …

display a different content of a website with XSS
Programming Web Development, by kryptolite
… any other subforums. I have this assignment to demonstrate simple XSS (cross site scripting). I have to craft a URL that… this, they often talk about the more complex version of XSS. Anyone familiar with this?

How can I prevent an XSS attack but allow user to post iframe and img
Programming Web Development, by woodenduck
How can I prevent an XSS attack but allow users to post iframe and img? My page is PHP-based, but I allow users to submit text and have allowed only iframes and imgs with strip_tags(). How do I prevent a user from launching an XSS attack?

Preventing XSS issue while using DataGrid
Programming Web Development, by UmeshDK
Hi, I am using DataGrid to display the data from the database. I have used the event ItemDataBound to encode the data coming from the database before it is displayed in the grid. Is there any other efficient/recommended method to avoid XSS issues while using DataGrid for displaying data from the database? Thanks, Umesh D K

Re: Preventing XSS issue while using DataGrid
Programming Web Development, by kvprajapati
… Columns is set to true for security reasons (to prevent XSS attacks). I think you are working with the 1.1 version…

Re: XSS and textarea
Programming Web Development, by somedude3488
Yes, it does need to be checked. I use HTML Purifier. It's a pretty nice PHP application that will strip out bad information.

Re: XSS website vulnerability
Programming Web Development, by diafol
https://www.owasp.org/index.php/Testing_for_Cross_site_scripting
Have a look at the references section too. Not automated testing, but how to protect yourself.

Re: XSS website vulnerability
Programming Web Development, by RoDaGo
A good starting point. Thank you!
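The point digital-ether makes above (encode output correctly for the place it lands) is also the answer to begueradj's "bypass <>" question and to the textarea question: a filter that only removes angle brackets does nothing for a value reflected inside an attribute or a script block, whereas context-aware encoding does. The following is an added example, not code from any of the posts; the function names and the constructed inputs are illustrative.

```php
<?php
// Added example: a "<>"-stripping filter beside context-aware output encoding.
// Not from the forum posts; function names and sample inputs are illustrative.
declare(strict_types=1);

// The kind of filter the "how to bypass <>" question describes: only angle brackets go.
function stripAngleBrackets(string $s): string
{
    return str_replace(['<', '>'], '', $s);
}

// Encoder for text placed in the HTML body, inside <textarea>, or inside a quoted attribute.
// ENT_QUOTES covers both ' and ", so the attribute cannot be closed early.
function encodeHtml(string $s): string
{
    return htmlspecialchars($s, ENT_QUOTES | ENT_SUBSTITUTE | ENT_HTML5, 'UTF-8');
}

// Encoder for a value placed inside a JavaScript string literal in a <script> block.
// JSON_HEX_TAG turns < and > into \u003C / \u003E, so "</script>" cannot end the block.
function encodeJsString(string $s): string
{
    return json_encode(
        $s,
        JSON_HEX_TAG | JSON_HEX_AMP | JSON_HEX_APOS | JSON_HEX_QUOT
        | JSON_UNESCAPED_UNICODE | JSON_THROW_ON_ERROR
    );
}

// Constructed inputs. The second one contains no angle brackets at all,
// so the bracket filter passes it through unchanged.
$inputs = [
    'plain <script>alert(1)</script>',
    '" autofocus onfocus="alert(1)',
];

foreach ($inputs as $in) {
    $filtered = stripAngleBrackets($in);
    $encoded  = encodeHtml($in);

    echo "Bracket filter, value reused in an attribute:\n";
    // For the second input this renders <input value="" autofocus onfocus="alert(1)">:
    // a new event-handler attribute, with no < or > ever present.
    echo '  <input value="' . $filtered . "\">\n";

    echo "Context-aware encoding:\n";
    // Quotes become &quot;, so the value stays inside the attribute.
    echo '  <input value="' . $encoded . "\">\n";
    // Inside <textarea> the same encoding is right: </textarea> becomes &lt;/textarea&gt;.
    echo '  <textarea>' . $encoded . "</textarea>\n";
    // A JS string context needs a JS encoder, not htmlspecialchars().
    echo '  <script>var v = ' . encodeJsString($in) . ";</script>\n\n";
}
```

The takeaway for the questions in this thread: validation on the textarea is fine as a first gate, but what actually prevents XSS is choosing the encoder by output context (HTML text/attribute vs. JavaScript string) at the point where the value is written into the page, not by searching input for characters an attacker can avoid.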
Re: Help - XSS vulnerability
Programming Web Development, by El Duke
Prevent XSS; in other words, sanitize tags (<, >, ", etc.).

Re: Help - XSS vulnerability
Programming Web Development, by El Duke
Thanks, I don't expect the user to enter anything but names and numbers, so I guess no harm with filtering. But that doesn't seem to work anyway; I still get XSS upon entering a script in the keyword field. Tried str_replace() as well, and it doesn't work. This is confusing!

Re: Help - XSS vulnerability
Programming Web Development, by Stefano Mtangoo
> … that doesn't seem to work anyway, I still get XSS upon entering a script in the keyword field, tried str_replace…

Re: Help - XSS vulnerability
Programming Web Development, by diafol
… use mysql_real_escape_string() to stop SQL injection and htmlentities() to avoid XSS.

Re: Help - XSS vulnerability
Programming Web Development, by El Duke
> … use mysql_real_escape_string() to stop SQL injection and htmlentities to avoid xss.
Tried htmlentities() on every possible input, nothing but the…

Re: Secure query against xss
Programming Web Development, by Stefano Mtangoo
> … mysql :( Thank you!
To secure a web app from XSS, validate input against a whitelist and discard anything not in the white…

Re: Can someone please advise me on how I can prevent XSS attacks?
Programming Web Development, by Dani
… you don't want it to, which is what an XSS attack is.

Re: Can someone please advise me on how I can prevent XSS attacks?
Programming Web Development, by gottaloveit
In whatever code language is running on the server, use a well-known database library that is well documented and features XSS aka SQL injection prevention.

XSS/Injection Protection
Programming Databases, by mattyd
I am about to begin protecting a yet-to-be-launched site against injection attacks (and other possible attacks). I am making use of a large database and must fortify this fully.
I am researching this but am here to pose the question: **What should my main concerns be**? Please be kind enough to list these. I need to be aware of **all** …

Re: XSS/Injection Protection
Programming Databases, by GliderPilot
Never assume you know what the user will input. Check user input before doing anything with it to make sure it is what you expect it to be (I use regex expressions for this). If you're using PHP, I highly suggest the use of prepared / parameterized mysqli queries. Using a prepared statement will go a long way toward eliminating an SQL injection attack…

Re: XSS/Injection Protection
Programming Databases, by mattyd
Thank you, GliderPilot.

Re: XSS/Injection Protection
Programming Databases, by JorgeM
Just to add...
> Check user input before doing anything with it to make sure it is what you expect it to be (I use regex expressions for this).
Even if you check it client side using JavaScript, check it again server side as well. To mitigate some of the issues that come along with user input, try using as many controls as you can that limit…

Re: How can I prevent an XSS attack but allow user to post iframe and img
Programming Web Development, by basepic
You need a security encoding library. Writing these encoders is not tremendously difficult, but there are quite a few hidden pitfalls.

Re: How can I prevent an XSS attack but allow user to post iframe and img
Programming Web Development, by woodenduck
Thanks, do you have any free examples?

Re: How can I prevent an XSS attack but allow user to post iframe and img
Programming Web Development, by veedeoo
This can probably be prevented, but I don't really find any 100% eradication solution for an iframe. For example, if you are allowing your user to do this <iframe src="http://maliciousSitDotCom/hackTheHack.php"></iframe> and on the remote server hackTheHack.php contains this http://maliciousSitDotCom/…
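GliderPilot and JorgeM describe a two-step procedure: validate on the server against what you expect (a whitelist pattern, regardless of any client-side JavaScript check), then hand the value to the database as a bound parameter of a prepared mysqli statement. The block below is an added example of that procedure, not code from either poster; the table and column names, the connection credentials and the keyword pattern are assumptions chosen for illustration, and the El Duke "keyword field" scenario from the other thread is used as the input.

```php
<?php
// Added example: whitelist validation of a search keyword, then a parameterised mysqli query.
// Not from the forum posts; table, columns, credentials and the pattern are illustrative.
declare(strict_types=1);

// Server-side whitelist: letters, digits, spaces and hyphens, 1 to 50 characters.
// This runs regardless of any client-side check, because the client check can be skipped.
function validateKeyword(string $raw): ?string
{
    $kw = trim($raw);
    return preg_match('/\A[\p{L}\p{N} -]{1,50}\z/u', $kw) === 1 ? $kw : null;
}

function searchProducts(mysqli $db, string $keyword): array
{
    // The keyword never becomes part of the SQL text. It is sent as a bound parameter,
    // so quotes or comment sequences inside it cannot change the statement.
    $stmt = $db->prepare(
        "SELECT id, name FROM products WHERE name LIKE CONCAT('%', ?, '%') LIMIT 50"
    );
    $stmt->bind_param('s', $keyword);
    $stmt->execute();
    return $stmt->get_result()->fetch_all(MYSQLI_ASSOC);
}

// Throw on driver errors instead of returning false silently.
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT);
$db = new mysqli('localhost', 'app', 'secret', 'shop'); // assumed credentials
$db->set_charset('utf8mb4');

$keyword = validateKeyword($_GET['keyword'] ?? '');
if ($keyword === null) {
    http_response_code(400);
    exit('Invalid keyword');
}

foreach (searchProducts($db, $keyword) as $row) {
    // Validation limited the input; output encoding still protects the HTML context,
    // since data in the table may not have come through this form.
    echo '<li>' . htmlspecialchars($row['name'], ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8') . "</li>\n";
}
```

Two points worth keeping apart, since this thread mixes them: the prepared statement addresses SQL injection, and htmlspecialchars() at output addresses XSS. Neither replaces the other, and the whitelist check in front of both reduces what an attacker can send but is not by itself a defence against either.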
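woodenduck wants to keep <img> and <iframe> while blocking everything else, basepic recommends a library rather than a hand-written encoder, and veedeoo notes that an iframe pointing at an attacker's page runs whatever that page contains. One way to reconcile these, as an added example that is not code from any of the posts, is the HTML Purifier configuration below (the library somedude3488 mentions in the textarea thread): only the listed elements and attributes survive, and an <iframe> is kept only when its src matches an allow-list of embed hosts. It assumes HTML Purifier is installed via Composer; the host allow-list and the constructed input are illustrative.

```php
<?php
// Added example: whitelist sanitising of user HTML with HTML Purifier, keeping only
// <img> and <iframe> (plus <p>/<br>) and only iframes from allow-listed embed hosts.
// Not from the forum posts; assumes ezyang/htmlpurifier installed via Composer.
declare(strict_types=1);

require __DIR__ . '/vendor/autoload.php';

function makeEmbedPurifier(): HTMLPurifier
{
    $config = HTMLPurifier_Config::createDefault();

    // Only these elements and attributes are emitted. Everything else, including
    // <script>, on* event handlers and style attributes, is removed.
    $config->set('HTML.Allowed', 'p,br,img[src|alt|width|height],iframe[src|width|height]');

    // iframe is only allowed at all when SafeIframe is on, and then only if src matches
    // this regexp. The host list is an assumption; use the embed providers you actually trust.
    // This is the answer to veedeoo's concern: an arbitrary third-party page is not embeddable.
    $config->set('HTML.SafeIframe', true);
    $config->set('URI.SafeIframeRegexp', '%^https://(www\.youtube\.com/embed/|player\.vimeo\.com/video/)%');

    // img src must be http(s); javascript: and data: URIs are rejected.
    $config->set('URI.AllowedSchemes', ['http' => true, 'https' => true]);

    // Purifier caches its generated definitions; point that at a writable directory.
    $config->set('Cache.SerializerPath', sys_get_temp_dir());

    return new HTMLPurifier($config);
}

// Constructed input covering the cases the thread worries about.
$dirty = <<<HTML
<p onclick="alert(1)">hello</p>
<img src="javascript:alert(1)" onerror="alert(1)" alt="x">
<img src="https://example.com/pic.png" alt="ok">
<iframe src="https://evil.example/hack.php"></iframe>
<iframe src="https://www.youtube.com/embed/abc123" width="560" height="315"></iframe>
<script>alert(1)</script>
HTML;

// Expected to keep: <p>hello</p>, the example.com <img>, and the youtube <iframe>.
// The onclick/onerror attributes, the javascript: image, the evil.example iframe
// and the <script> element are dropped.
echo makeEmbedPurifier()->purify($dirty), "\n";
```

strip_tags() with an allow-list keeps the element but not safely: it leaves every attribute on the allowed tags intact, so `<img onerror=...>` and `<iframe src="http://attacker/...">` pass straight through. A parser-based sanitiser that whitelists elements, attributes and URI schemes separately, as above, is the minimum needed to let users post images and embeds.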