I had someone run a pentest against an application recently and one of the critical problems it found was when some garbage was passed in a URL like this:
http://example.com/index.php/%27%3e%3c%69%4d%67%20%53%72%43%3d%78%20%4f%6e%45%72%52%6f%52%3d%61%6c%65%72%74%28%34%37%34%31%32%29%3e
The problem is that the attacker simply adds a slash then some encoded javascript (an image tag with alert box), which kills the page. Simple and effective attack.
How do I code against it? I am already cleaning all expected user inputs (such as when a user passes index.php?id=<script>alert(1)</script>). That part works fine.
How do I protect against unexpected data quoted below the first paragraph above? (Also, is there a specific name for this type of XSS attack?)
Be careful with the use of $_SERVER['PHP_SELF']
You should do htmlspecialchars($_SERVER["PHP_SELF"]);
or htmlentities($_SERVER["PHP_SELF"]);
And that's a normal XSS attack.
More info: Info
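To make the answer concrete, here is an added example (not code from the question or the answers above) showing why echoing `$_SERVER['PHP_SELF']` unescaped is an XSS sink and how `htmlspecialchars()` closes it. The `PHP_SELF` value is constructed and assigned by hand so the script runs from the command line without a web server; on a real server it would be filled from the request, including any trailing path the client appended after `index.php`.

```php
<?php
// Added example: vulnerable versus hardened use of $_SERVER['PHP_SELF'].
// PHP_SELF carries the trailing PATH_INFO of the request, so a request for
// /index.php/<junk> places <junk> into it verbatim. Simulate that here with a
// constructed value instead of relying on a live request.
$_SERVER['PHP_SELF'] = "/index.php/'><b>injected</b>";

// Vulnerable: the attacker-controlled path lands directly inside an HTML
// attribute, so a single quote plus '>' breaks out of it and injects markup.
function form_action_unsafe(): string
{
    return '<form action="' . $_SERVER['PHP_SELF'] . '" method="post">';
}

// Hardened: escape for the HTML attribute context before output.
// ENT_QUOTES also escapes single quotes, which matters because the payload in
// the question starts with %27 (a single quote) to close the attribute.
function form_action_safe(): string
{
    $self = htmlspecialchars($_SERVER['PHP_SELF'], ENT_QUOTES, 'UTF-8');
    return '<form action="' . $self . '" method="post">';
}

echo "Unsafe: ", form_action_unsafe(), PHP_EOL;
echo "Safe:   ", form_action_safe(), PHP_EOL;
```

In the unsafe line the `<b>` tag from the path is emitted as live markup; in the safe line `'`, `<` and `>` come out as `&#039;`, `&lt;` and `&gt;`, so the browser treats the whole value as the attribute's text. Apply the same escaping to every place `PHP_SELF` (or any other `$_SERVER` value derived from the request URL) is printed into HTML, not only the one `href` that the pentest happened to hit.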
I was using $_SERVER['PHP_SELF'] in an href tag, so that's where the JavaScript was triggered.
The solution is simple. I run PHP_SELF through a filter before using it, and any passed garbage is cleaned and safe to use on the page.