Questions tagged as 'xss'

1 answer

XSS attacks, how does it happen?

Recently a client has been the victim of XSS attacks. We treat all inputs that we encounter with faults, but I cannot understand how malicious JavaScript code was inserted into the .js files on the server. How did you change the script via X...
asked by 28.03.2014 / 15:27
2 answers

Block unwanted AJAX calls

I tested Google Plus, turned on Firebug and inserted a post. When analyzing Firebug I retrieved the URL where it was executed via AJAX. I copied the URL and ran it in the browser with the active session. It turned out to be an error: F...
asked by 05.06.2014 / 13:59
2 answers

How to avoid HTML injection and XSS in .JSP pages?

In PHP I have seen uses of htmlspecialchars and mysqli. But in Java is there any way to avoid XSS and HTML injection? I'd also like to know what would be the best (safest) way: Escaping the elements (HTML, Java...
asked by 17.04.2015 / 18:42
3 answers

How to filter data entries in PHP

Good evening, I have a form serving data entry that is displayed on the screen. The problem is that this data can be HTML tags or scripts; if someone puts this code in my form, the page will be redirected. <meta http-equiv="refresh" content...
asked by 16.02.2015 / 04:33
2 answers

Is it possible to prevent injection of external resources and requests for greater security?

I understand that we can create and search JavaScript plugins, parse the code and make sure it will not inject anything into the page out. But supposing there is some library to inject elements <script>, <link>, &...
asked by 18.07.2015 / 19:39
2 answers

Block JavaScript and SQL injection attack on the same string

I'm receiving data from a form in PHP via GET. I am handling the information as follows: $search = mysql_real_escape_string(htmlspecialchars($_GET["t"], ENT_QUOTES, 'UTF-8')); With this I intend to block attacks by JavaScript and sql-inj...
asked by 12.04.2014 / 18:13
1 answer

Doubt about an XSS exercise

Folks, I wanted to understand the following logic of an XSS challenge I was doing. So why is it that when I put <script>alert(1);</script> it does not work but when I put </script><script>alert(1);</script> the...
asked by 13.02.2016 / 23:51
2 answers

How to damage a website using XSS / SQL injection?

I'm not a hacker, but I know some techniques. I'm training security and I was really thoughtful about it. Every time I inject a script, it is an alert(), nothing dangerous for the host (for example). I do not have a website, there is no wa...
asked by 21.06.2014 / 05:06
2 answers

How to log in to Facebook using an active session cookie in the DOM?

I'm studying security on web applications. For educational purposes, I logged into my Facebook page and copied my active session cookie from document.cookie, then opened another browser, logged on to the Facebook homepage (unlogged) an...
asked by 28.06.2015 / 07:08
1 answer

Is "new DOMParser" safer than "document.createElement"?

I created a script to try to remove unsafe content at the time of injecting DOM (I'm using in extensions / addons for browsers): var str = "<strong>Hello</strong> mundo <script src="http://site/badscript.js"></script...
asked by 30.05.2016 / 18:54