xss

Securing application against XSS

江枫思渺然 提交于 2020-01-06 13:07:07
问题 We are currently using OWASP Antisamy project to protect our application against XSS attacks. Every input field is sanitized when any given form is submitted to server. It works fine, but we have issues with the fields like company name, organization name, etc. Ex: Ampersand is escaped for AT&T and the company name is displayed wrong (displayed with escaped characters). We manually update the fields on database to fix this issue. However, this is a pain in the neck as you can imagine. Is

what more can I do to prevent myself from XSS injection & SQL Injection?

拟墨画扇 提交于 2020-01-06 05:26:13
问题 If my site ever goes live (don't think it will, its just a learning exercise at the moment). I've been using mysql_real_escape_string(); on data from POST, SERVER and GET. Also, I've been using intval(); on strings that must only be numbers. I think this covers me from sql injection ? Correct? Can i do more? But, I'm not sure how it provides (if it provides any protection at all) from XSS injection ? Any more information on how to combat these two forms of attacks is appreciated. 回答1: I think

Post form data created by an ajax call to a remote url

爷,独闯天下 提交于 2020-01-06 04:56:05
问题 I would like to perform a two stage post. The first is an AJAX post to my own service that creates form data such as "email=blah&dude=car" etc. In the callback for the AJAX call I need to repost that data to a remote site, in a normal post. I was thinking something like: var formData = "some form data"; $.ajax({ type: 'POST', url: '/myservice', data: formData, success: function(data, status) { xmlhttp=new XMLHttpRequest(); xmlhttp.open("POST","http://remotepage.com",true); xmlhttp.send(data);

Ajax Control Toolkit HtmlEditorExtender: Xss Attacks

大憨熊 提交于 2020-01-04 05:15:12
问题 I'm using Ajax Control Toolkit in my ASP.NET project and I have a problem with HtmlEditorExtender which name is ContentHtmlEditor . HtmlEditorExtender attached to TextBox which name is ContentBox . I tried to make an XSS Atack. I edited html code with Chrome and inserted the following string: <a href='javascript:alert()'>bla-bla-bla</a> After post back ContentBox.Text equals to <a href="javascript:alert()">bla-bla-bla</a> . As you can see javascript:alert() hasn't been removed but as I know

How can I programmatically get all of a string's unicode entities to resolve themselves?

拜拜、爱过 提交于 2020-01-04 02:44:29
问题 I'm trying to mitigate XSS. How can I shield from this: j&#X41vascript:alert('test2') in the href of a link? I've tried the following, but it just assigns the literal, unresolved value of that above string as a relative path of the href, not a proper javascript: href capable of triggering code execution. I'm wondering how an attacker might be able to exploit this. I've tried the following: a = document.createElement('a'); and then both this: a.href = 'j&#X41vascript:alert('test2')'; and this:

XSS without HTML tags

孤街浪徒 提交于 2020-01-03 17:11:40
问题 It is possible to do a XSS attack if my input does not allow < and > characters? Example: I enter <script>alert('this');</script> text But it if I delete < and > the script is not text: I enter script alert('this'); script text 回答1: Yes, it could still be possible. e.g. Say your site injects user input into the following location <img src="http://example.com/img.jpg" alt="USER-INPUT" /> If USER-INPUT is " ONLOAD="alert('xss') , this will render <img src="http://example.com/img.jpg" alt=""

How in Django/Python can I ensure safety from WYSIWYG-entered HTML?

十年热恋 提交于 2020-01-03 12:34:09
问题 I would like to remove vulnerabilities to XSS / JavaScript injection in a web application where users are allowed to use an editor like CKEditor which allows arbitrary HTML (and whether my specific choice of editor allows arbitrary HTML or not, blackhats will be able to submit arbitrary HTML anyway). So no JavaScript, whether SCRIPT tags, ONCLICK and family, or whatever else. The target platform is Python and Django. What are my best options here? I am open to an implementation that would

Angular $sce vs HTML in external locale files

怎甘沉沦 提交于 2020-01-03 09:29:13
问题 A question regarding ng-bind-html whilst upgrading an Angular app from 1.0.8 to 1.2.8: I have locale strings stored in files named en_GB.json , fr_FR.json , etc. So far, I have allowed the use of HTML within the locale strings to allow the team writing the localized content to apply basic styling or adding inline anchor tags. This would result in the following example JSON: { "changesLater": "<strong>Don't forget</strong> that you can always make changes later." "errorEmailExists": "That

pikachu-XSS

荒凉一梦 提交于 2020-01-03 06:56:47
web安全 实验报告 实验二 XSS 学生姓名 倪文锴 年级 2017级 区队 实验班 指导教师 高见 XSS概述 简介 Cross-Site Scripting 简称为“CSS”,为避免与前端叠成样式表的缩写"CSS"冲突,故又称XSS。一般XSS可以分为如下几种常见类型: 1.反射性XSS; 2.存储型XSS; 3.DOM型XSS; XSS漏洞一直被评估为web漏洞中危害较大的漏洞,在OWASP TOP10的排名中一直属于前三的江湖地位。 XSS是一种发生在前端浏览器端的漏洞,所以其危害的对象也是前端用户。 形成XSS漏洞的主要原因是程序对输入和输出没有做合适的处理,导致“精心构造”的字符输出在前端时被浏览器当作有效代码解析执行从而产生危害。 因此在XSS漏洞的防范上,一般会采用“对输入进行过滤”和“输出进行转义”的方式进行处理: 输入过滤:对输入进行过滤,不允许可能导致XSS攻击的字符输入; 输出转义:根据输出点的位置对输出到前端的内容进行适当转义; 简单说; XSS是一种发生在Web前端的漏洞,所以其危害的对象也主要是前端用户 XSS漏洞可以用来进行钓鱼攻击、前端js挖矿、盗取用户cookie,甚至对主机进行远程控制 XSS漏洞测试流程 ① 在目标上找输入点,比如查询接口、留言板 ② 输入一组 “特殊字符(>,',"等)+唯一识别字符” ,点击提交后,查看返回源码

浅谈XSS

荒凉一梦 提交于 2020-01-03 02:18:12
    最近在做项目中的漏洞修复工作,在短时间内接触到很多关于web开发需要防范的漏洞,例如SQL injection , XSS, CSRF等等,这些漏洞对web开发的项目来说的破坏还是比较大的,其实在网上有很多这些漏洞的介绍和防范,像SQL injection这些漏洞的注入已经很少见了。作为一个初学者我认为还是要能够弄清楚为什么会产生这个漏洞,这样才能从原理上理解漏洞的发生,才能更好的去修复它,本文就对XSS漏洞做一个简单的笔记,仅供大家相互交流不断的提升web开发的安全性。     XSS的全称 Cross-site Scripting,夸脚本攻击,其实它的缩写应该是CSS,但是和web开发使用的css重名了,所以就简称为XSS了,该漏洞在web开发中比较常见,下面演示一个XSS漏洞的过程,我自己写了一个很简单的web页面(大家不要拍砖),两个输入框,姓名和个人介绍。                           web开发中的常见漏洞,一般都发生在这些输入框中,一般情况我们会对这些输入域进行客户端的校验和服务器端的校验,但是在客户端的校验基本上起不来什么作用,因为客户端的所有代码我们都可以进行更改,防止漏洞的发生还是需要服务器端的校验,但是一般服务器端的校验都是校验你输入的字符或者是数字的长度等等。下面就演示一个XSS的漏洞注入,当我们写入姓名和个人介绍之后
订阅 xss