xss in the usual tests, it is quite important if the storage type xss exist, you can do a lot of things, playing cookie, add administrators and so many operations.
All of the following code is I wrote it myself, there may be unsightly, coding errors and so on, I hope you can correct me.
Vulnerability to explain
This is an input box
Write the code inside the classic pop
Click Submit, and then into index.php
There will be pop-Code
Here, add the code used earlier
The reason is that there is no input filtering, directly into the database
Simple repair
Only you need to filter content in the incoming time on it
Here we mainly use htmlspecialchars () function, which can be converted to HTML content entity, it is the perfect prevent xss vulnerability
We just need to be processed into the database when it
At this point, look at the results
At this time, it does not pop up
At this time, the HTML tag has been escaped to the entity
expand
In fact, xss role is particularly large, is absolutely not limited playing cookie, etc., before seeing a more interesting article that is crawling posture Sao meal in the background, and its essence is to use xss combined with some other things to reach , so that ideas must be open, not limited to those few use a point of vulnerability itself
No public debut article: unintentional balderdash (wuxinmengyi)
This is a record red team learning, Principal notes, personal growth number of public
Concern to scan code