Re: Re: Cross site scripting

Well, the function filter_input(INPUT_GET, 'kw', FILTER_SANITIZE_ENCODED);

...seemed to take care of the example on the report by Security Metrics.

Am I on the right track here, at least?

I'm reading pages on 'sanitizing PHP input'. Is that where I should be headed?

Skip

Shawn McKenzie wrote:
Skip Evans wrote:
Hey all,

You may have seen my earlier message about a current client whose site
I've taken over maintenance on that is trying to get PCI Compliance from
Security Metrics. I've put all the forms behind https and a couple of
other things, but this one I don't know how to solve. I'll read up on
cross site scripting, but could someone help me understand what they
believe the vulnerability is in their notes below?

Thanks,
Skip

Possible cross site scripting on http://www.ranghart.com/index.php

Use the following commands to verify this: wp --inject

"http://www.ranghart.com/index.php?action=searchkw=SEARCH%22%3E%3Cscript%3Ealert%28123%29%3C%

TCP http/https 4

curl -L "http://www.ranghart.com/index.php?action=searchkw=SEARCH%22%3E%3Cscript%3Ealert%28123%29%3C%

grep "123"

This website may have other injection related vulnerabilities.


Well, their example is not correct, try:
http://www.ranghart.com/index.php?action=search&kw=SEARCH%3Cscript%3Ealert%28"Im
doing some nasty JavaScipt hacking here!"%29%3B%3C%2Fscript%3E in a browser.

This means that you're not validating/sanitizing input.  You can't just
take the contents of a $_GET, $_POST, etc. (any user input) variable and
echo it out.


--
====================================
Skip Evans
Big Sky Penguin, LLC
503 S Baldwin St, #1
Madison WI 53703
608.250.2720
http://bigskypenguin.com
------------------------------------
Those of you who believe in
telekinesis, raise my hand.
 -- Kurt Vonnegut

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
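To make the point in the thread concrete (echoing a raw `$_GET` value versus escaping it for HTML, and why `FILTER_SANITIZE_ENCODED` is not quite the right tool for display), here is an added example; it is not code from the thread or from the site discussed, and the parameter name `kw` and the assumption that it is reflected into an input's `value` attribute come from the report quoted above.

```php
<?php
// Added example (not from the thread): the search form's keyword field, first in
// the shape that produces the reported finding, then hardened. Assumes the
// parameter is named 'kw' and is reflected into an <input value="..."> attribute.
declare(strict_types=1);

// VULNERABLE pattern: raw request input reflected into markup. A value containing
// a double quote followed by '>' closes the attribute and the tag, and whatever
// follows is parsed as HTML, which is exactly what the scanner's probe relies on.
function render_search_box_unsafe(?string $kw): string
{
    return '<input type="text" name="kw" value="' . ($kw ?? '') . '">';
}

// HARDENED: escape for the HTML context at output time. ENT_QUOTES escapes both
// quote styles, which matters inside attribute values; the charset is explicit.
function render_search_box(?string $kw): string
{
    $kw = $kw ?? '';
    // Input validation is a separate, additional control: a search term has no
    // business being kilobytes long. (Length limit is an assumed policy value.)
    if (strlen($kw) > 200) {
        $kw = substr($kw, 0, 200);
    }
    $safe = htmlspecialchars($kw, ENT_QUOTES | ENT_HTML5, 'UTF-8');
    return '<input type="text" name="kw" value="' . $safe . '">';
}

// What FILTER_SANITIZE_ENCODED does: it URL-encodes the value (as rawurlencode
// would). That does neutralise the probe, but it is the wrong encoding for HTML
// output: a legitimate search for "big sky" is displayed as "big%20sky".
function render_search_box_urlencoded(?string $kw): string
{
    $encoded = filter_var($kw ?? '', FILTER_SANITIZE_ENCODED);
    return '<input type="text" name="kw" value="' . $encoded . '">';
}

// In the page itself: read the parameter raw, then escape at the point of output.
//   echo render_search_box(filter_input(INPUT_GET, 'kw', FILTER_UNSAFE_RAW));

// Constructed demonstration input (the report's probe shape, URL-decoded):
$probe = 'SEARCH"><script>alert(123)</script>';
echo render_search_box_unsafe($probe), "\n";        // attribute closed, tag injected
echo render_search_box($probe), "\n";               // quotes and brackets escaped
echo render_search_box_urlencoded('big sky'), "\n"; // safe, but shows the display problem
```

Run it with `php` on the command line and compare the three output lines; only the second one both keeps the attribute intact and shows the user's term unchanged.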

