
Understanding XSS attacks ...


Post by pepelepew1962 » Wed Jan 25, 2012 7:58 pm

Hello:

I am really trying to understand XSS attacks and can't seem to wrap my head around it. I would rather seem like a fool than program like one with holes in it. My problem is understanding how an attack occurs. Let's say Mary logs into the system and creates a record in the table via an HTML form. I have PHP filters and validation for the data before it actually goes into the MySQL table. My question is how does John attack my website? Or more important, how does he actually change files? If he were to have a login and gains access because it doesn't take much to register, how? Is it a matter of the filter being bad and his XSS script is in a record, and when someone opens/views that record (field) the script is launched? I have read lots on how the JavaScript, for example, is placed in the URL or form fields, but nothing explains whether the information is saved and launched via the record stored in the database.
pepelepew1962
New php-forum User
Posts: 14
Joined: Sat May 28, 2011 5:12 pm

Re: Understanding XSS attacks ...

Post by TheProdigyGuy » Thu Jan 26, 2012 12:25 pm

Hello,
Here are some very useful sites where you can find more information about XSS (and other vulnerabilities as well):
http://www.exploit-db.com/
www.packetstormsecurity.com
http://en.wikipedia.org/wiki/Cross-site_scripting
Just search for XSS or Cross Site Scripting and you can find papers about it.

It is so simple: XSS is a client-side vulnerability (actually, it does nothing on the server side).
But when that XSS 'payload' goes to the client's browser, it will exploit.

For example: it can steal user cookies and, using those stolen cookies, log in to your administration panel without login + password. (You can find tons of whitepapers on 'how to learn hack'.)
For example: it can redirect to malware sites which will try to exploit client-side vulnerabilities (e.g. drive-by download, buffer overflow in PDF readers, etc.).
XSS + SQL injections are common vulnerabilities in web applications.
XSS is not so harmful in this case (but it depends on the situation).
SQLi is more harmful. And serious.

"My question is how does John attack my website? Or more important, how does he actually change files? If he were to have a log in"

Well, John can find another type of vulnerability or misconfiguration on your site.
For example: Remote File Include, Local File Include, Traversal, SQLi, CSRF, etc.
I would recommend checking all your access and error logs for such suspicious actions (log-based investigation):
ssh> zgrep 'suspic goes here' *.gz | less

If you can't find anything, well, you need to make sure your hosting is up to date and correctly administered)
BTW,
"I would rather seem like a fool than program like one with holes in it"

Acunetix is very useful in this case)
TheProdigyGuy
New php-forum User
Posts: 215
Joined: Wed Dec 07, 2011 5:25 pm
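
Added example, not part of either post above: the stored case asked about in the first post, where a script saved in a record runs when someone views that record, shown with unescaped PHP output beside the escaped form. The `comments` table, its columns and the function names are hypothetical, and in-memory SQLite (requires `pdo_sqlite`) stands in for MySQL so the script runs offline.

```php
<?php
// Added example: a script stored in a record, and output escaping as the fix.
// Assumptions: hypothetical table/column/function names; SQLite stands in for MySQL.
declare(strict_types=1);

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE comments (id INTEGER PRIMARY KEY, author TEXT, body TEXT)');

// A prepared statement stops SQL injection, but it stores the text exactly as
// submitted: markup placed in a field is still markup when it is read back.
function saveComment(PDO $db, string $author, string $body): void
{
    $stmt = $db->prepare('INSERT INTO comments (author, body) VALUES (?, ?)');
    $stmt->execute([$author, $body]);
}

// Vulnerable: the stored value is concatenated into the page as-is, so the
// browser of whoever views the record parses it as HTML and runs any script.
function renderUnsafe(array $row): string
{
    return '<li><b>' . $row['author'] . '</b>: ' . $row['body'] . "</li>\n";
}

// Hardened: escape every stored value at output time for the HTML context.
function e(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

function renderSafe(array $row): string
{
    return '<li><b>' . e($row['author']) . '</b>: ' . e($row['body']) . "</li>\n";
}

// Constructed sample records: one ordinary, one containing markup.
saveComment($db, 'Mary', 'Order #12 shipped');
saveComment($db, 'John', '<script>alert("runs in the viewer\'s browser")</script>');

$rows = $db->query('SELECT author, body FROM comments ORDER BY id')
           ->fetchAll(PDO::FETCH_ASSOC);

echo "--- unescaped output (script tag reaches the browser intact) ---\n";
foreach ($rows as $row) { echo renderUnsafe($row); }

echo "--- escaped output (script tag is displayed as text) ---\n";
foreach ($rows as $row) { echo renderSafe($row); }
```

The server and the database are untouched in both cases; the only difference is whether the viewer's browser receives the stored value as markup or as escaped text.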

