Vulnerability Development mailing list archives
Re: Preventing XSS in PHP...
From: "William N. Zanatta" <william () veritel com br>
Date: Fri, 03 May 2002 11:43:33 -0300
What about the combination of POST method driven forms and REFERER filtering? It seems to be trustable at least against external attacks (we couldn't stop a CSS attack coming from inside this way and), right?!
William

Slow2Show wrote:
In-Reply-To: <OF6FCFDC2A.59A56994-ON03256BAD.006A1C06 () carol com br>
Much if has said in holes of Cross Site Scripting.
Yep...some even say "too much" and argue that it isn't a "real security hole", but if you've had your admin cookie stolen on a forum then you would say otherwise.
Happily, language PHP supplies to the programmer a great function to prevent that this happens
yep PHP can handle input sanitizing very well...hopefully all new webApp langs will have sanitizing functionality built into their frameworks...(MS actually does in asp.net)
I suggest you check out the webAppSec list, the OWASP project, and cgisecurity.com for more info.
http://online.securityfocus.com/archive/107
http://www.owasp.org
http://www.cgisecurity.com
Take care,
-Slow2Show-
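The POST-plus-Referer filter asked about above, sketched in PHP together with output encoding, as an added example that is not part of the original thread. The function names, the host forum.example.test and the sample requests are assumptions constructed for illustration; the Referer check only filters where a request came from, so the output is still encoded with htmlspecialchars().

```php
<?php
declare(strict_types=1);

// Added example: function names, host and requests below are hypothetical.

/** True only for a POST whose Referer header parses to exactly our host. */
function is_same_site_post(array $server, string $trustedHost): bool
{
    if (($server['REQUEST_METHOD'] ?? '') !== 'POST') {
        return false;                       // reject GET-driven submissions
    }
    $referer = $server['HTTP_REFERER'] ?? '';
    if ($referer === '') {
        return false;                       // header is optional and may be stripped
    }
    $host = parse_url($referer, PHP_URL_HOST);
    // Exact host comparison; a substring match would also accept
    // "forum.example.test.other.example".
    return is_string($host) && strcasecmp($host, $trustedHost) === 0;
}

/** Encode user text for an HTML body context before echoing it. */
function render_comment(string $raw): string
{
    return '<p>' . htmlspecialchars($raw, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8') . '</p>';
}

// Constructed sample requests (stand-ins for $_SERVER and $_POST).
$trustedHost = 'forum.example.test';
$samples = [
    'same-site POST' => [['REQUEST_METHOD' => 'POST',
        'HTTP_REFERER' => 'https://forum.example.test/post.php'], '<b>hello</b>'],
    'off-site POST'  => [['REQUEST_METHOD' => 'POST',
        'HTTP_REFERER' => 'https://other.example/form.html'], 'hi'],
    'missing header' => [['REQUEST_METHOD' => 'POST'], 'hi'],
    'GET request'    => [['REQUEST_METHOD' => 'GET',
        'HTTP_REFERER' => 'https://forum.example.test/post.php'], 'hi'],
];

foreach ($samples as $label => [$server, $comment]) {
    if (!is_same_site_post($server, $trustedHost)) {
        echo "$label: rejected\n";
        continue;
    }
    // Markup submitted from our own pages is still neutralised on output.
    echo "$label: accepted, rendered as " . render_comment($comment) . "\n";
}
```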
Current thread:
- Re: Preventing XSS in PHP... Slow2Show (May 02)
- Re: Preventing XSS in PHP... William N. Zanatta (May 03)
- <Possible follow-ups>
- Re: Preventing XSS in PHP... alrferreira (May 03)
- Re: Preventing XSS in PHP... Slow2Show (May 03)