PHP Specific XSS

Associate
Joined
2 Jun 2014
Posts
1,219
Having real trouble understanding this. I'm explaining and giving examples of cross site scripting but I'm being quite general I think. I have to try and relate it as much as possible to PHP. Now, you write PHP and the browser effectively converts this to HTML.

If I were to put <script>alert("hacked")</script> into a search form, I might, if the web application doesn't filter for malicious code, get an alert box that says "hacked".

Now, as far as I'm aware this is a persistent XSS attack. But how would this affect the PHP? I know it's the browser that initiates the code. Just a little bit lost I think.

A point in the right direction would be greatly appreciated. And please forgive me, coding is not really my thing.

And hopefully this is ok, if not please remove!
 
Associate
OP
Joined
2 Jun 2014
Posts
1,219
Thanks Jim. Big help. With my search box example above. That would be persistent right? Because the data input would be appended to the server. Whereas non-persistent is temporary and not stored on the server?

There's lots of misinformation on the web. Some say my example is persistent others say non-persistent.

Basically I have to connect cross site scripting to flaws found in PHP/MySQL. If that makes sense? I'm not great at explaining things either, I'm afraid. :p

Currently talking about circumventing attacks when the register_globals directive is turned on in php.ini. Initializing variables and what not.
 
Associate
OP
Joined
2 Jun 2014
Posts
1,219
That would be non-persistent, as each search is individual to each user and is only visible to them. To be exploited a user has to click a link to access the page with the modified search HTTP query parameters.

http://en.wikipedia.org/wiki/Cross-site_scripting#Non-persistent

You should never rely on register globals; instead, manually escape stuff with either htmlentities or htmlspecialchars.

Thanks again. Think I will amend a few things. Very confusing trying to get your head around it when it's your first time researching.

Not really sure what you're trying to get at, but I've always found OWASP to be the best resource for web security stuff: https://www.owasp.org/index.php/Top_10_2013-A3-Cross-Site_Scripting_(XSS)

In all honesty, I'm not quite sure TBH. I'm writing about XSS and trying to make it as relevant to PHP as possible. But it's all PHP right? Thanks for the resource, will check it out tomorrow when I have more energy. ;)
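
The search-box case discussed in this thread, as an added example that is not part of any poster's message: a PHP search page that echoes the term back unchanged, next to the same page with `htmlspecialchars` applied on output and the parameter read explicitly instead of through `register_globals`. The parameter name `q`, the function names and the sample requests are assumptions made for illustration.

```php
<?php
// Added example, not code from the thread. The parameter name "q" and all
// function names are hypothetical.

// Vulnerable: the search term is copied into the HTML response unchanged,
// so any markup in it is parsed by the visitor's browser.
function render_search_unsafe(string $q): string
{
    return '<p>Results for: ' . $q . '</p>'
         . '<input type="text" name="q" value="' . $q . '">';
}

// Output encoding. ENT_QUOTES also encodes ' and ", which matters inside the
// value="..." attribute; the charset is passed explicitly.
function e(string $s): string
{
    return htmlspecialchars($s, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

function render_search_safe(string $q): string
{
    return '<p>Results for: ' . e($q) . '</p>'
         . '<input type="text" name="q" value="' . e($q) . '">';
}

// Read the parameter explicitly and initialise it; never depend on
// register_globals creating $q. ?q[]=x arrives as an array, so reject it.
function search_term(array $get): string
{
    return (isset($get['q']) && is_string($get['q'])) ? $get['q'] : '';
}

// Constructed sample requests (stand-ins for $_GET so this runs on the CLI).
$requests = [
    ['q' => 'php tutorials'],
    ['q' => '<script>alert("hacked")</script>'], // string from the first post
    ['q' => 'Tom & Jerry "1940"'],
    ['q' => ['unexpected', 'array']],
    [],
];

foreach ($requests as $get) {
    $q = search_term($get);
    echo 'unsafe: ', render_search_unsafe($q), PHP_EOL;
    echo 'safe:   ', render_search_safe($q), PHP_EOL, PHP_EOL;
}
```

In the safe output the string from the first post comes back as `&lt;script&gt;alert(&quot;hacked&quot;)&lt;/script&gt;`, which the browser displays as text instead of running. On a real page, `search_term($_GET)` replaces the sample array.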
 