Add to Favorites | Login | Register
Network Security Internet Technology Development Database Servers Mobile Phone Android Software Apple Software Computer Software News IT Information

In addition to Weibo, there is also WeChat

Please pay attention

WeChat public account

Shulou

About us Contact us

How to analyze and simply protect XSS from the point of view of code

2025-02-24 Update From: SLTechnology News&Howtos shulou NAV: SLTechnology News&Howtos > Internet Technology >

Share

Shulou(Shulou.com)06/01 Report--

This article will explain in detail how to analyze and simply protect XSS from the code point of view. The content of the article is of high quality. Therefore, Xiaobian shares it with you as a reference. I hope that after reading this article, you will have a certain understanding of relevant knowledge.

Xss in the usual test, or more important, if there is a storage type xss, you can do a lot of things, hit cookies, add administrators and many other operations.

All the following code is written by myself, there may be unsightly, code errors and so on, I hope you can correct me.

Bug explanation

This is an input box.

Write classic pop-up code inside

Click Submit and go to index.php

A pop-up code appears.

Here, add the code used earlier

The reason is that the input is not filtered and stored directly in the database

Simple repair

You just need to filter the content as it comes in.

Here we mainly use the htmlspecialchars() function, this function can convert its content into HTML entities, it is perfect to prevent xss vulnerabilities

We just need to process it when we insert it into the database

At this point, look at the effect

At this point, the window is no longer pop-up

At this point the tag has been escaped as an HTML entity

expand

In fact, the role of xss is still very large, definitely not limited to cookies, etc., before seeing a more interesting article, said that the pose is a mess in the background, the essence is to use xss and then combine some other things to achieve, so that the idea must be open, not limited to a vulnerability itself that a few use points.

About how to analyze and simply protect XSS from the code point of view to share here, I hope the above content can be of some help to everyone, you can learn more knowledge. If you think the article is good, you can share it so that more people can see it.

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.

Views: 0

*The comments in the above article only represent the author's personal views and do not represent the views and positions of this website. If you have more insights, please feel free to contribute and share.

Tag Search: Code content article loophole angle analysis protection function entity data database time more knowledge article or input good important beautiful vpn macOS Linux MariaDB MySQL Docker Shulou Information Shulou Technology Shulou Tech Info OPPO Reno Redmi Xiaomi NVidia Microsoft Huawei Apple Shulou Tech Info OPPO Reno MariaDB Apple Microsoft Docker Redmi Shulou Technology Xiaomi NVidia vpn Huawei macOS MySQL Linux Shulou Information Shulou Tech Info OPPO Reno MariaDB Apple Microsoft Docker Redmi Shulou Technology Xiaomi NVidia vpn Huawei macOS MySQL Linux Shulou Information

Share To

Related

Internet Technology

More Internet Technology >

Latest Network Security More Network Security >

Latest Internet Technology More Internet Technology >

Latest Development More Development >

Latest Database More Database >

Latest Servers More Servers >

Latest Mobile Phone More Mobile Phone >

Latest Android Software More Android Software >

Latest Apple Software More Apple Software >

Latest Computer Software News More Computer Software News >

Latest IT Information More IT Information >

Wechat

About us Contact us Product review car news thenatureplanet

© 2024 shulou.com SLNews company. All rights reserved.

12
Report