Vulnerability Development mailing list archives

Re: Preventing XSS in PHP...


From: "William N. Zanatta" <william () veritel com br>
Date: Fri, 03 May 2002 11:43:33 -0300

What about the combination of POST method driven forms and REFERER filtering? It seems to be trustable at least against external attacks (we couldn't stop a CSS attack coming from inside this way), right?!

William


Slow2Show wrote:
In-Reply-To: <OF6FCFDC2A.59A56994-ON03256BAD.006A1C06 () carol com br>

Much has been said about Cross Site Scripting holes.

Yep...some even say "too much" and argue that it isn't a "real security hole", but if you've had your admin cookie stolen on a forum then you would say otherwise.

Happily, the PHP language supplies the programmer a great function to prevent this from happening.

yep PHP can handle input sanitizing very well...hopefully all new webApp langs will have sanitizing functionality built into their frameworks...(MS actually does in asp.net)

I suggest you check out the webAppSec list, the OWASP project, and cgisecurity.com for more info.

http://online.securityfocus.com/archive/107
http://www.owasp.org
http://www.cgisecurity.com

Take care,

-Slow2Show-
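An added illustration, not code from this thread: the quoted poster does not name the PHP function, but the usual candidate is htmlspecialchars(), and the snippet below shows the forum-post case Slow2Show mentions, echoing a post unencoded (the hole) next to the encoded version (the fix). It assumes PHP 7 or later for the scalar type hints; the sample post is constructed.

```php
<?php
// Added example (not from the thread). Shows why output encoding matters
// when a forum echoes user text back into a page that other users load.

// Constructed sample post: contains markup and a quote character, as a
// visitor to the board might submit.
$post = "Nice board! <script>document.title='hi'</script> \"quoted\"";

// The hole: user text is concatenated straight into the HTML, so the
// browser parses and executes the <script> element for every reader,
// with access to that reader's cookies for the forum's origin.
function render_unsafe(string $post): string
{
    return "<p>" . $post . "</p>";
}

// The fix: encode the HTML metacharacters (&, <, >, ", ') so the browser
// displays the text instead of interpreting it. ENT_QUOTES also encodes
// single quotes, which matters once the value lands inside an attribute;
// passing the charset explicitly keeps multibyte input from being
// mis-decoded. ENT_HTML5 assumes PHP 5.4 or later.
function render_safe(string $post): string
{
    return "<p>" . htmlspecialchars($post, ENT_QUOTES | ENT_HTML5, 'UTF-8') . "</p>";
}

// Attribute context: same encoding, but the value must also sit inside
// quotes, otherwise a space in the input would start a new attribute.
function render_input(string $value): string
{
    $encoded = htmlspecialchars($value, ENT_QUOTES | ENT_HTML5, 'UTF-8');
    return '<input name="subject" value="' . $encoded . '">';
}

echo render_unsafe($post), "\n"; // the <script> element survives intact
echo render_safe($post), "\n";   // the same text, now inert markup
echo render_input($post), "\n";  // safe inside a quoted attribute
```

Encoding at output time (per context) rather than stripping at input time is what keeps the stored post intact while making it harmless to render.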


