  1. #1
    Regular Coder
    Join Date
    Jun 2007
    Location
    Los Angeles
    Posts
    545
    Thanks
    81
    Thanked 5 Times in 5 Posts

    Cross Site Scripting Help

    My website failed a PCI scan because of cross site scripting. The report gave an example of the code:

    PHP Code:
    http://www.mywebsite.com:80/?<SCRIPT>foo</SCRIPT> 
    I don't understand how to code against this security failure. My site has an index.php file so I'm assuming I have to add some code in that file since the domain URL defaults to using that file.

    I have a sanitize function being used on all the fields coming from the index.php file already. But I guess I'm still missing something.

    Thanks for any help...
    RalphF
    Business Text Messaging Services
    https://www.MobileTextingService.com

  • #2
    Supreme Master coder! _Aerospace_Eng_
    Join Date
    Dec 2004
    Location
    In a place far, far away...
    Posts
    19,291
    Thanks
    2
    Thanked 1,043 Times in 1,019 Posts
    Do you allow anything to be passed through the query string?
    ||||If you are getting paid to do a job, don't ask for help on it!||||

  • #3
    Regular Coder
    Join Date
    Jun 2007
    Location
    Los Angeles
    Posts
    545
    Thanks
    81
    Thanked 5 Times in 5 Posts
    Well, I have some of the fields passing data through but they are run through my sanitize function so I think they are ok. I guess I'm a bit puzzled about that Foo argument and how to detect/filter it? So I guess I don't know how to filter arguments that are not coming from my fields. Something is just not connecting in my brain.
    RalphF
    Business Text Messaging Services
    https://www.MobileTextingService.com
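The scanner's URL in post #1 and the puzzle in post #3 come down to one point: `?<SCRIPT>foo</SCRIPT>` is not a value in any named form field, it is the whole query string, so a sanitize function that only runs over the fields the page expects never touches it. The payload is reflected wherever the page prints the raw request URI or the raw parameter *names* (for example a form `action` built from `$_SERVER['PHP_SELF']` or `$_SERVER['REQUEST_URI']`, or hidden inputs rebuilt from `$_GET`). The following PHP script is an added illustration written for this thread, not code from the original posts or from the poster's site; the request URI it uses is a constructed sample, and the assumption that the page echoes the URI or the parameter names somewhere is mine, since the thread does not say where the reflection happens.

```php
<?php
// Added example (not from the thread): why a per-field sanitize function
// misses ?<SCRIPT>foo</SCRIPT>, and how output encoding at print time fixes it.

// Constructed sample, equivalent to the scanner's
// http://www.mywebsite.com:80/?<SCRIPT>foo</SCRIPT>
// In a real request this would be $_SERVER['REQUEST_URI'] (assumption).
$requestUri  = '/?<SCRIPT>foo</SCRIPT>';
$queryString = substr($requestUri, strpos($requestUri, '?') + 1);

// parse_str() shows what PHP makes of that query string: the payload becomes a
// parameter NAME with an empty value. No expected field ("email", "phone", ...)
// is present, so sanitizing only known fields leaves it untouched.
parse_str($queryString, $params);   // ['<SCRIPT>foo</SCRIPT>' => '']

// Escape for an HTML body or attribute context. ENT_QUOTES also escapes ' and "
// so a value cannot break out of an attribute; ENT_SUBSTITUTE keeps malformed
// UTF-8 from turning the result into an empty string.
function html_escape(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Vulnerable pattern: raw request URI and raw parameter names printed into the page.
function render_unsafe(string $uri, array $params): string
{
    $html = '<form action="' . $uri . '" method="post">' . "\n";
    foreach ($params as $name => $value) {
        $html .= '  <input type="hidden" name="' . $name . '" value="' . $value . '">' . "\n";
    }
    return $html . '</form>';
}

// Hardened pattern: identical markup, but every piece of request-derived data
// (the URI, each name AND each value) goes through html_escape() at output time.
function render_safe(string $uri, array $params): string
{
    $html = '<form action="' . html_escape($uri) . '" method="post">' . "\n";
    foreach ($params as $name => $value) {
        $html .= '  <input type="hidden" name="' . html_escape((string) $name)
               . '" value="' . html_escape((string) $value) . '">' . "\n";
    }
    return $html . '</form>';
}

// Small self-check a developer can keep in a test: does a raw <script> tag
// from the request survive into the rendered HTML?
function reflects_raw_script(string $html): bool
{
    return (bool) preg_match('/<script\b/i', $html);
}

$unsafe = render_unsafe($requestUri, $params);
$safe   = render_safe($requestUri, $params);

echo "Parsed parameters:\n";
var_export($params);
echo "\n\nUnsafe output (tag survives: ", var_export(reflects_raw_script($unsafe), true), "):\n", $unsafe, "\n\n";
echo "Safe output (tag survives: ", var_export(reflects_raw_script($safe), true), "):\n", $safe, "\n";
```

Run it with `php example.php`: the unsafe render prints a literal `<SCRIPT>foo</SCRIPT>` inside the `action` attribute and the hidden input's `name`, while the safe render prints `&lt;SCRIPT&gt;foo&lt;/SCRIPT&gt;`, which the browser shows as text and never executes. The practical takeaway for the site in the thread is to search `index.php` and its includes for every `echo`/`print` of `$_SERVER['PHP_SELF']`, `$_SERVER['REQUEST_URI']`, `$_SERVER['QUERY_STRING']`, or a loop over `$_GET`/`$_REQUEST` keys, and wrap each in `htmlspecialchars()` as above (or drop the dynamic value, e.g. `action=""` posts back to the current URL without echoing it). Escaping at output, per context, is what the PCI scanner is checking for; input-side "sanitizing" of known fields cannot cover data that arrives outside those fields.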

