This is pretty neat.
-
2015-06-28 at 4:13 AM UTC
Turn NoScript off if you have it on.
http://www.uaevents.com/site/page.php?id=155&title=%3Cscript%3Ealert%28%22Sophie+is+a+Skid%22%29%3C%2Fscript%3E&Submit=Go
Why the hell does this even work?
-
2015-06-28 at 4:31 AM UTC
-
2015-06-28 at 4:41 AM UTC
Chrome master race reporting in:
But yeah, it's just a different flavor of injection attack. You (or the developer in this case) should never insert untrusted strings into your markup without sanitization, otherwise this will happen and you can hijack people's sessions.
All your sessions are belong to me. So why do you think the developer failed to sanitize? Seems pretty silly not to.
-
2015-06-28 at 5:51 AM UTC
Ehh, why does anyone make any mistake? The dev was probably just trying to implement something on a deadline and didn't think about it. There's also a cultural factor, pretty much everyone knows about SQL injection and even an entry level web dev would know that when you're manually concatenating SQL strings you're probably fucking something up. Awareness of XSS issues is not as thoroughly dispersed. It depends on the environment, in more modernized frameworks markup sanitization happens by default and you have to very intentionally declare your intention to sidestep it whereas probably a majority of PHP code, even today, has ad-hoc tooling rather than a well thought out communal approach you see in major frameworks. It's not a particularly complicated problem in concept but by the nature of the response pipeline managing strings end-to-end in a safe way takes a lot of machinery that it would be unusual to see done at all, much less done right, in a frameworkless PHP project.
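The point made in the Chrome post above and in this one (escaping is what the frameworks do for you by default; ad-hoc PHP often skips it), shown as an added example that is not code from the thread or from the site in question: the `title` parameter from the quoted URL rendered into markup verbatim and then HTML-escaped. The template and the query string are constructed stand-ins for what page.php actually does.

```python
from html import escape
from urllib.parse import parse_qs

# Constructed query string: id/title/Submit are the parameters from the URL in
# the thread, with the percent-encoded title value copied as posted.
QUERY = ("id=155&title=%3Cscript%3Ealert%28%22Sophie+is+a+Skid%22%29"
         "%3C%2Fscript%3E&Submit=Go")

# Constructed template standing in for a PHP page that echoes the title back
# both as element text and as an input's default value.
TEMPLATE = '<h1>{title}</h1>\n<input type="text" name="title" value="{title}">'


def title_param(query: str) -> str:
    """URL-decode the title parameter the way the server sees it (+ -> space)."""
    return parse_qs(query).get("title", [""])[0]


def render_unsafe(title: str) -> str:
    """The vulnerable pattern: untrusted text concatenated straight into markup."""
    return TEMPLATE.format(title=title)


def render_escaped(title: str) -> str:
    """The hardened pattern: encode <, >, & and both quote characters, so the
    value stays text in element content and inside the double-quoted attribute."""
    return TEMPLATE.format(title=escape(title, quote=True))


def reflected_verbatim(title: str, page: str) -> bool:
    """Oracle for this demo: does the decoded input, tag characters included,
    appear unchanged anywhere in the response?"""
    return title in page


if __name__ == "__main__":
    t = title_param(QUERY)
    for label, page in (("unsafe", render_unsafe(t)), ("escaped", render_escaped(t))):
        print(f"--- {label}: input reflected verbatim = {reflected_verbatim(t, page)}")
        print(page)
```

Note that `escape()` is only correct for element text and quoted attribute values; a value placed inside a `<script>` block or a URL needs the encoding for that context instead.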
-
2015-06-28 at 6:06 AM UTC
Ehh, why does anyone make any mistake? The dev was probably just trying to implement something on a deadline and didn't think about it. There's also a cultural factor, pretty much everyone knows about SQL injection and even an entry level web dev would know that when you're manually concatenating SQL strings you're probably fucking something up. Awareness of XSS issues is not as thoroughly dispersed. It depends on the environment, in more modernized frameworks markup sanitization happens by default and you have to very intentionally declare your intention to sidestep it whereas probably a majority of PHP code, even today, has ad-hoc tooling rather than a well thought out communal approach you see in major frameworks. It's not a particularly complicated problem in concept but by the nature of the response pipeline managing strings end-to-end in a safe way takes a lot of machinery that it would be unusual to see done at all, much less done right, in a frameworkless PHP project.
Makes sense, thanks for the insight.
-
2015-07-02 at 11:57 AM UTC
Does this present a risk to the owner/maintainer of the site or just the end user?
-
2015-07-02 at 9:09 PM UTC
Does this present a risk to the owner/maintainer of the site or just the end user?
Both. If you're able to use XSS to hijack someone's session you can potentially gain unauthorized access to privacy sensitive information on both client and host.
-
2019-07-03 at 11:18 AM UTC
Reported