
What is Cross Site Scripting or XSS?

Cross-Site Scripting is one of the best-known attacks. Any web application that displays user input is at risk. In the Web 2.0 era this attack can be easy to carry out.
I think the name “cross site” is confusing. It’s easy to hear that and think it involves code on one website attacking code on another website. That’s not what it is. Not to mention its unfortunate “true” acronym.

It simply means: executing arbitrary JavaScript code on the page.

This could be JavaScript that is inserted into the URL or through form submissions. If either of those ways of accepting information doesn’t “clean” the information it is getting before outputting it again on the page, then arbitrary JavaScript can run on that page and that’s an XSS vulnerability.

If JavaScript can run on the page, then it can access cookies.

If it can access cookies, then it can access active sessions.

If it can access active sessions, it can log in as you to websites you are logged in to, at least long enough to change passwords or wreak other havoc.

Symantec has said that 80% of internet vulnerabilities are due to XSS.

XSS is different from, but similar in spirit to, SQL injection. SQL injection is where SQL commands are not cleaned from inputs and are thus able to do malicious things to a database. Using HTTPS cannot help with either XSS or SQL injection; HTTPS only protects data in transit over networks.
I’m not a security expert, I’m just helping spread the word: let’s scrub those inputs people!


Here are some tips and tricks for securing your website from the Cross-Site Scripting (XSS) vulnerability.

  • Function for stripping out malicious bits

    <?php
    function cleanInput($input) {
        // preg_replace applies the patterns in array order, so the block-level
        // patterns (script, style, comments) must run before the generic tag
        // stripper; otherwise the generic pattern removes the <style> tags
        // first and leaves the style body behind.
        $search = array(
            '@<script[^>]*?>.*?</script>@si',   // Strip out javascript blocks
            '@<style[^>]*?>.*?</style>@si',     // Strip style blocks (no U flag, so each block is matched on its own)
            '@<![\s\S]*?--[ \t\n\r]*>@',        // Strip multi-line HTML comments
            '@<[\/\!]*?[^<>]*?>@si'             // Strip any remaining HTML tags
        );

        $output = preg_replace($search, '', $input);
        return $output;
    }
    ?>
  • Sanitization function

    <?php
    function sanitize($input) {
        if (is_array($input)) {
            $output = array();   // initialise so an empty array returns array(), not an undefined variable
            foreach ($input as $var => $val) {
                $output[$var] = sanitize($val);
            }
        }
        else {
            // get_magic_quotes_gpc() was removed in PHP 8; guard the call so this still runs there
            if (function_exists('get_magic_quotes_gpc') && get_magic_quotes_gpc()) {
                $input = stripslashes($input);
            }
            $input  = cleanInput($input);
            // mysql_real_escape_string() needs an open mysql connection and was removed in PHP 7;
            // on PHP 7+ use $mysqli->real_escape_string() or, better, prepared statements
            $output = mysql_real_escape_string($input);
        }
        return $output;
    }
    ?>

    USAGE

    <?php
    $bad_string = "Hi! <script src='http://www.evilsite.com/bad_script.js'></script> It's a good day!";
    $good_string = sanitize($bad_string);
    // $good_string is "Hi!  It\'s a good day!" (the stripped tag leaves a double space;
    // the backslash comes from mysql_real_escape_string)

    // Also use for getting POST/GET variables
    $_POST = sanitize($_POST);
    $_GET  = sanitize($_GET);
    ?>
  • Using htaccess

    RewriteCond %{QUERY_STRING} base64_encode.*\(.*\) [OR]
    RewriteCond %{QUERY_STRING} (\|%3E) [NC,OR]
    RewriteCond %{QUERY_STRING} (\|%3E) [NC,OR]
    RewriteCond %{QUERY_STRING} GLOBALS(=|\[|\%[0-9A-Z]{0,2}) [OR]
    RewriteCond %{QUERY_STRING} _REQUEST(=|\[|\%[0-9A-Z]{0,2})
    RewriteRule ^(.*)$ 404.php [F,L]
    RewriteCond %{REQUEST_METHOD} ^(TRACE|TRACK)
    RewriteRule .* - [F]

    RewriteCond %{REQUEST_METHOD} ^TRACE
    RewriteRule .* - [F]
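The sanitize() function above strips suspicious markup from input and escapes it for MySQL in the same pass. Here is an added example (not from the original post) of the complementary approach: keep the stored value intact, bind it as a prepared-statement parameter, and escape it on output for the context it lands in. It assumes PHP 7.3+ with the mysqli extension; the function names are my own.

```php
<?php
// Added example, not part of the original post: escape on output, per context,
// instead of stripping on input. Assumes PHP 7.3+ (JSON_THROW_ON_ERROR) and mysqli.

// Escape a value for HTML element content or a quoted attribute value.
function escapeHtml(string $value): string {
    // ENT_QUOTES escapes both ' and "; ENT_SUBSTITUTE keeps invalid UTF-8 from yielding ''
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE | ENT_HTML5, 'UTF-8');
}

// Escape a value for a JavaScript string literal inside a <script> block.
// JSON_HEX_TAG turns < and > into \u003C and \u003E, so "</script>" in the data
// cannot close the script block early.
function escapeJs(string $value): string {
    $flags = JSON_HEX_TAG | JSON_HEX_AMP | JSON_HEX_APOS | JSON_HEX_QUOT | JSON_THROW_ON_ERROR;
    return json_encode($value, $flags);
}

// Store the raw value; the driver quotes the bound parameter, so no manual
// escaping (and no mysql_real_escape_string) is needed.
function storeComment(mysqli $db, string $comment): void {
    $stmt = $db->prepare('INSERT INTO comments (body) VALUES (?)');
    $stmt->bind_param('s', $comment);
    $stmt->execute();
}

// Constructed sample input, mirroring the post's $bad_string.
$input = "Hi! <script src='http://www.evilsite.com/bad_script.js'></script> It's a good day!";

// HTML body: the tag is shown literally as text and never executes.
echo '<p>' . escapeHtml($input) . "</p>\n";
// Attribute value: always quote the attribute and escape the value.
echo '<input type="text" value="' . escapeHtml($input) . "\">\n";
// JS string literal: the value arrives in the browser as data, not markup.
echo '<script>var comment = ' . escapeJs($input) . ";</script>\n";

// With a live connection ($db = new mysqli(...)), the raw string would be stored as-is:
// storeComment($db, $input);
```

The stored value stays exactly what the user typed, so the same record can later be rendered safely in any of the three contexts above, whereas the input-stripping approach has to guess at render time which characters were removed.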

    Those are some tips and tricks for securing your website from the Cross-Site Scripting (XSS) vulnerability.