Tagged Questions
0 votes, 2 answers, 36 views
How to begin fixing XSS hole in website
I've never dealt with XSS before, but I just received a comment from a visitor that my website has XSS vulnerabilities.
He was nice enough to provide me with the string that activated a prompt box ...
1 vote, 1 answer, 22 views
Encoding output from trusted sources such as AD
We've been having a debate at work recently about the merits of encoding output data from trusted sources such as an Active Directory. We have a web application that displays a list of users that are ...
1 vote, 2 answers, 58 views
XSS in PHP: htmlspecialchars or the Apache URL Rewrite rule?
I am not familiar with PHP and our product is not written in PHP.
We use a vendor that creates our documentation using PHP.
Recently we discovered an XSS attack in the PHP code.
The XSS attack was ...
6 votes, 7 answers, 9k views
Anyone know of a free XSS penetration testing tool?
I am looking for...
A spider/automated
Will find all input fields and queryStrings, then insert potential XSS discoveries
Reports any XSS vulnerabilities found
0 votes, 0 answers, 64 views
Rendering Special Characters having contextual escaping using ESAPI library
This question is related to cross-site scripting (XSS).
The recommendation was to use contextual escaping on all untrusted data before using it to construct any portion of an HTTP response.
My ...
1 vote, 0 answers, 44 views
User-editable HTML XSS protection (Tumblr-like)
I want my service to have such a feature: author can fully customize the page, but can't steal users' cookies.
Tumblr had some troubles with that, but solved them successfully ...
0 votes, 1 answer, 405 views
How to set HttpOnly and session cookie for a Java web application
Hi, I am working on an XSS (cross-site scripting) issue. My application is developed on Oracle WebLogic Portal. We use Servlet version 2.5.
I have added the 3 lines of code below in the filter for setting ...
0 votes, 1 answer, 23 views
Securing my web application against malicious input
I am in the process of building a basic security layer for my web application. I am seeking validation of the steps that I am taking. The current focus is XSS, so I am not touching databases in this ...
0 votes, 2 answers, 56 views
What is cross-site scripting?
At this link: http://www.acunetix.com/websitesecurity/cross-site-scripting/ under "The Theory of XSS", it says: the hacker infects a legitimate web page with his malicious client-side script. My first ...
0 votes, 2 answers, 63 views
PHP: <script> tag echoed from $_POST is mysteriously blocked
I'm trying to test information I learned regarding PHP security. I have a simple HTML5 page with a POST form and a single textarea input, where I input the following JS code:
<script>var x = 5; ...
3 votes, 3 answers, 5k views
XSS attack with JavaScript in img src attribute
Some older browsers are vulnerable to XSS attacks such as
<img src="javascript:alert('yo')" />
Current versions of IE, FF, Chrome are not.
I am curious if any browsers are vulnerable to a ...
3 votes, 1 answer, 210 views
How much can I trust ASP.NET Request Validation with Web Pages/WebMatrix vs. XSS?
I have read (and am coming to terms with) the fact that no solution can be 100% effective against XSS attacks. It seems that the best we can hope for is to stop "most" XSS attack avenues, and probably ...
0 votes, 0 answers, 49 views
Bad referrer data in XSS [closed]
I came across this while I'm learning to secure PHP from XSS attacks. Can anyone please tell me what bad referrer data is, and how it impacts a website? I'm providing the link and a little ...
0 votes, 1 answer, 76 views
Understanding HTML Purifier
I am currently using CodeIgniter. I have 4 forms (student sign-in, login form, create account, and request account).
I am currently using this at the moment to filter my input on one of the forms ...
0 votes, 1 answer, 126 views
Security checks on PHP (with PDO) for a member authentication and registration [closed]
I'm looking for examples of some more advanced security checks that I'd be able to perform on my website.
I'm using PHP 5.2 with a PDO MySQL database.
What would interest me most are:
samples of ...