Cross site scripting issue (Programming > Web Development) by erioch
… some diagnostic tests and found that it is vulnerable to Cross site scripting, any help??? or suggestion??? I have attached a copy of … ("count_captcha")+1 end if set body=CreateObject("Scripting.Dictionary") str="<script language = JavaScript>" …

WYSIWYG Textbox editors and Cross Site scripting attacks (Programming > Web Development) by riddleyw
… this necessarily open my users up to cross site scripting? I know just enough about cross site scripting to know that you're supposed to filter …

Is this a good topic for my thesis, cross site scripting and sql injections (Programming > Web Development) by Jenny12345
I am doing an investigation into cross site scripting and sql injection and maybe other attacks for my thesis … about setting up a fictional website that is vulnerable to cross site scripting and sql injections etc., and then comparing various methods to …

How can I be safe from things like SQL injection and cross-site scripting? (Programming > Web Development) by jayashree10
Security matters. How can I guard against things like SQL injection or cross-site scripting? It will be really helpful if somebody could help.

Re: How can I be safe from things like SQL injection and cross-site scripting? (Programming > Web Development) by Dani
… `mysqli::real_escape_string()` function. Other databases have equivalent functions. To prevent cross-site scripting attacks, you similarly want to make sure that *all* text …

Re: Cross site scripting issue (Programming > Web Development) by erioch
… = "ACCESS" Set tables_data = CreateObject("Scripting.Dictionary") Set field_labels = CreateObject("Scripting.Dictionary") %> <!--#include file=" …

Re: Cross site scripting issue (Programming > Web Development) by ArtistScope
… for a SQL Attack which can either crash your database/site or be used to throw up information that can further …

Re: Cross site scripting issue (Programming > Web Development) by erioch
Hi, it seems to be working well now... It is replacing the unwanted characters well... I have liked the site and very soon, maybe next month, am considering contributing to the work... Regards, Erick

Re: Cross site scripting issue (Programming > Web Development) by ArtistScope
Add a new include file for your new functions (at the top of the page), keeping it separate from commonfunctions.asp which may be overwritten if you are using an ASP generator application? Passing a username field should not be a risk if it's filtered.

Re: Cross site scripting issue (Programming > Web Development) by reygcalantaol
You may also use a parameterized query to prevent SQL injection.

Re: WYSIWYG Textbox editors and Cross Site scripting attacks (Programming > Web Development) by samarudge
If you look up strip_tags on the PHP website you can define a list of the allowable tags. For example the quick reply editor on Daniweb has bold (<b>, <strong>), italic (<i>), underline (<u>), paragraphs (<p>), spans (<span>) and links (<a>), so you would set a function like [CODE] $Input = strip_tags($_POST[' …

Re: WYSIWYG Textbox editors and Cross Site scripting attacks (Programming > Web Development) by riddleyw
Thanks! How do they handle code snippets, then? How are they kept in the message but kept from becoming live and dangerous?

Re: WYSIWYG Textbox editors and Cross Site scripting attacks (Programming > Web Development) by liamfriel
strip_tags removes php tags also: for javascript etc. I use this function: [CODE] #this will strip javascript/html then prepare the script for inserting into database function make_safe($string) { $string = preg_replace('#<!\[CDATA\[.*?\]\]>#s', '', $string); $string = strip_tags($string); $string = htmlentities($string, …

Re: WYSIWYG Textbox editors and Cross Site scripting attacks (Programming > Web Development) by diafol
Just one point - if tags aren't closed properly by the WW editor - there goes the rest of your page! Ensure that your editor / own code checks for closed tags and quotes.

Re: Is this a good topic for my thesis, cross site scripting and sql injections (Programming > Web Development) by pritaeas
Try multiple websites built with different technologies. Then you can compare how they differ in preventing such attacks.

Re: Is this a good topic for my thesis, cross site scripting and sql injections (Programming > Web Development) by Jenny12345
Hi, thanks for your reply. When you say different websites with different technologies, do you mean websites built with ASP.NET, PHP etc.? Can you please elaborate on that?

Re: Is this a good topic for my thesis, cross site scripting and sql injections (Programming > Web Development) by pritaeas
> do you mean websites built with ASP.NET, PHP
Yes, there are more like Perl and Ruby for example. You can also think of differences in settings between IIS, Apache and Tomcat. Then there's a difference in databases like MySQL, SQL Server, Postgres, SQLite etc.

Re: Is this a good topic for my thesis, cross site scripting and sql injections (Programming > Web Development) by Jenny12345
What do you reckon would be the best way that I should demonstrate this? How can I find out which website uses which technology? Since setting up different websites built with different technologies would be quite time consuming. Sorry for all these questions :)

Re: Is this a good topic for my thesis, cross site scripting and sql injections (Programming > Web Development) by pritaeas
If you want to add complexity to your thesis it will always be more time consuming. I don't think there are any shortcuts if you want to demonstrate flaws in some technological solution.

php site was hacked (Programming > Web Development) by jobojo
… have been reading up on SQL injection attacks and cross-site scripting attacks as I am assuming at least one of … above. This error is only present when accessing the site from Firefox (I have the latest version installed), but … and it has found 56 possibly high level vulnerabilities to Cross Site Scripting (XSS) attacks. I am not really too sure how …

Cross site scripting threat (Programming > Web Development) by priyanka85
I have an input field which is showing vulnerable in security scan using XSS attack as: STYLE="xss:e/**/xpression(try{a=firstTime}catch(e){firstTime=1;alert(969)});" Could you please suggest how we can prevent a vulnerability like this? Field: <input id="{ControlItemUniqueID}Data" style="width:150px" …

Re: ajax cross domain compatibility (Programming > Web Development) by pclfw
It isn't possible for the client side javascript to access another domain. <<<<SOLUTION DELETED BY AUTHOR>>>> However this really doesn't sound like something that I would like to happen to any of my data. Sounds a lot like cross site scripting to me.

Re: Weird Codes on My Site. Virus? (Programming > Web Development) by veedeoo
… SQL Injection: No vulnerabilities found
File Handling: No vulnerabilities found
Cross Site Scripting: No vulnerabilities found
CRLF: No vulnerabilities found
Commands execution: No …

Re: Was my site hacked? Please help. (Programming > Web Development) by helraizer
[QUOTE=nav33n;619765]Oh, cross site scripting! Hmm..[/QUOTE] Yeah. XSS! Somehow they found an exploit … in the posting of blogs on a user's site in which they use the HTML <!-- Comments --> < …

Re: Was my site hacked? Please help. (Programming > Web Development) by nav33n
… your database and see the post in there.[/QUOTE] Oh, cross site scripting! Hmm..

Cyber-attack 'superfecta' statistics released (Hardware and Software > Information Security) by happygeek
… four attack vectors that comprise Cross-Site Request Forgery (CSRF), Cross-Site Scripting (XSS), SQL Injection and Directory Traversal. Cross-Site Request Forgery (CSRF) is an … Engineer at FireHost who continues "for example, cross-site request forgery attacks and cross site scripting attacks are extremely automated and require very little …

Re: Cyber-attack 'superfecta' statistics released (Hardware and Software > Information Security) by LastMitch
… a group of four attack vectors that comprises Cross-Site Request Forgery (CSRF), Cross-Site Scripting (XSS), SQL Injection and Directory Traversal. Actually to …

Read text file (Programming > Web Development) by ferdinandmucos
… Syndication','Really Simple Scripting','Ready-Styled Scripting','Really Stupid Syndication'), array(0 => 'Cross-site Scripting','Cross-site Security','Cleverly Structured Scripting','eXtremely Safe and …'), array(0 => 'JavaScript Object Notation','JQuery-Scripting Object Notation','Just Simple Object Notation','JavaScript Over the …

XSS and SQL Injection (Programming > Web Development) by cheapterp
… of them with basically the same problem: [B]Cross Site Scripting[/B] and [B]Cross Site Scripting in URI[/B]. For every input on all of … to be entered in most of the textfields on the site. Therefore, in addition to the [icode]<cfqueryparam cfsqltype = cf_sql_float …

A tale of two Twitter worms (Hardware and Software > Networking) by happygeek
… is legit!" Actually, what was happening was a typical cross site scripting attack, in this case spamming links across Twitter without the … was getting to grips with the StalkDaily worm so another cross site scripting attack took hold. The [URL="http://www.sophos.com …