PHP Security : Cross Site Scripting

in utopian-io •  7 years ago  (edited)

What Will I Learn?

In this tutorial, We will be learning about what is cross site scripting and how create a filter to prevent xss attack. Cross site scripting is very common bug in most of websites. Some of companies eg. Google, Facebook, Yahoo etc give bounty to reporter.

Requirements

  • WAMP/MAMP/LAMP/XAMPP or any other PHP/MySQL web stack package
  • Notepad++/Sublime
  • Basic knowledge on HTML, PHP

Difficulty

  • Intermediate

What is Cross Site Scripting?

Injecting javascript into a website to steal user's cookies or any other credential to get control on any particular victim's account is known as Cross Site Scripting, It is also known as XSS.

Types Of Cross Site Scripting :

  • Stored XSS

In this type of XSS, Javascript payload will be stored in any particular page and whenever any user try to open it, Then all data which is saved in its cookies will goes to attacker. For example, We have a blogging website, which don't have any filter against XSS. Attacker will add

<script>alert(document.cookies)</script>

this in his blog and this code will show you popup with visitors cookies. So as you know by the name script will stay stored in a page, where attacker inserted that above javascript.

  • Reflected XSS

In this type of XSS, Code doesn't stored in page as we learned in stored xss. As we can see in example below, Attacker add javascript code in q parameter. Attacker will send it to victim in email or anywhere else. Attacker will make victim to click by wrapping URL in tag

https://example.com/news?q=<script>alert(document.cookies)</script>
  • DOM Based XSS

DOM based XSS is totally different from above two type. It is mainly based upon DOM. So it means we can use it only in DOM.

PHP Normal Code

<?php
$search = $_GET['search'];
echo 'Search results for '.$search;
?>

In this code, We have a variable $ search as well as a parameter name which is also search. The method we are using is GET. When we execute this code, it will like this

URL :
http://localhost/xss1.php?search=Hello

Output: Search results for Hello

But there no any kind of restriction in this code to filter the xss or any other injection. So if attacker add < script >alert(1) </ script > in parameter of search. Then result will be
1xss.png

Filter to prevent XSS

<?php
$search = $_GET['search'];
$search = htmlspecialchars($search, ENT_QUOTES, 'UTF-8');
echo 'Search results for '.$search;
?>

In this code, We have add filter which is htmlspecialchars and **ENT_QUOTES **will convert all double and single quotes into plain text. Unrecognized character-sets will ignore and replace with its UTF8.
1xss.png
As we can see in output, All code will be execute in normal text. Any kind of code cant be execute till now. There more ways to prevent but the best way to prevent account to me and php development website is this. No one can bypass this filter till now.



Posted on Utopian.io - Rewarding Open Source Contributors

Authors get paid when people like you upvote their post.
If you enjoyed what you read here, create your account today and start earning FREE STEEM!
Sort Order:  

Your contribution cannot be approved because it is not as informative as other contributions.

My opinion:

  • little information for a tutorial.
  • Very trivial.

See the Utopian Rules. Contributions need to be informative and descriptive in order to help readers and developers understand them.

You can contact us on Discord.
[utopian-moderator]

Hey @portugalcoin, I just gave you a tip for your hard work on moderation. Upvote this comment to support the utopian moderators and increase your future rewards!

Hey @karannanda that is a really nice tutorial. Of Course, it is short, but I think the Reader can read it fast and understand what you are saying here.

Well done.

Looking Forward to more tutorials :)