Most voted "xss" questions
Cross-site scripting (XSS) is a type of computer security vulnerability, typically found in web applications, that enables attacks in which client-side script is injected into web pages viewed by other users.
18 questions
-
16 votes, 1 answer, 2380 views
XSS attacks, how does it happen?
Recently a client was the victim of XSS attacks. We handle all the faulty inputs, but I can’t understand how malicious JavaScript code was inserted into the ".js" files on the server. How they…
-
10 votes, 2 answers, 1172 views
Block unwanted AJAX calls
I did a test on Google Plus, turned on Firebug and inserted a post. When parsing Firebug I recovered the URL that was executed via AJAX. I copied the URL and ran it in the browser with the active…
-
10 votes, 2 answers, 1019 views
How to avoid HTML Injection and XSS on .JSP pages?
In PHP I have seen uses of htmlspecialchars and mysqli. But in Java, is there some way to avoid XSS and HTML Injection? I would also like to know what would be the best way (the safest): Escaping…
-
9 votes, 3 answers, 1588 views
How to filter data entries in PHP
Good evening, I have a form serving data entry that is displayed on the screen. The problem is that this data can be HTML tags or scripts; if someone puts this code in my form, the page will be…
-
9 votes, 2 answers, 874 views
Is it possible to prevent injection of external resources and requests for greater security?
I understand that we can create and search javascript plugins, analyze the code and make sure that it will not inject anything on the outside page. But supposing there is some library from which…
-
6 votes, 1 answer, 181 views
Is "new DOMParser" safer than "document.createElement"?
I created a script to try to remove unsafe content when injecting DOM (I’m using it in extensions/Addons for browsers): var str = "<strong>Hello</strong> mundo <script…
-
5 votes, 2 answers, 2818 views
Block JavaScript and SQL injection attacks on the same string
I am receiving data from a form in PHP via GET. I’m handling the information as follows: $search = mysql_real_escape_string(htmlspecialchars($_GET["t"], ENT_QUOTES, 'UTF-8')); With this I intend to…
-
5 votes, 1 answer, 100 views
Question about an XSS exercise
Guys, I wanted to understand the following logic of an XSS challenge they were doing. So why is it that when I put <script>alert(1);</script> it does not work, but when I put…
-
4 votes, 2 answers, 5267 views
How to damage a website using XSS/SQL Injection?
I’m no kind of hacker, but I know some techniques. I’m training security and I got really thoughtful about it. Every time I inject a script, it’s an alert(), nothing dangerous to the host (for…
-
4 votes, 2 answers, 2173 views
How to log into Facebook using an active session cookie in the DOM?
I’m studying security in web applications. For educational purposes, I logged on to my Facebook page and copied my active session cookie obtained from document.cookie, then I opened another browser,…
-
3 votes, 1 answer, 67 views
XSS - Prevention works on IE but doesn’t work on Chrome
When preventing an XSS attack (Alert(123;)) using Html.Encode the on-screen code is as follows: <select class="combobox" id="xssSelect" name="cmbXss"> <option selected="selected"…
-
2 votes, 1 answer, 85 views
outputStream writing a byteArray - XSS validation
I am working with software that goes through a "Security Application" that indicates the lines of code that are potentially insecure (theoretically). Based on the code below, the application…
-
2 votes, 1 answer, 377 views
Is it only possible to write code with bugs or vulnerabilities in C?
Anyone who is a programmer and experienced knows an implicit truth: C is practically the language of the gods. C corresponds to at least 98% of the software that runs on all computers and thanks to…
-
1 vote, 1 answer, 372 views
How to avoid an XSS vulnerability in an HTML FORM?
How to avoid XSS vulnerabilities in a form by using the tag <form> </form>, in HTML? Is there any good practice in building HTML code to avoid it?
-
1 vote, 0 answers, 54 views
Could trying to access browserconfig.xml be some kind of attack?
Here in the company where I work, we put in a certain system, made in Laravel 4, a system of sending emails every time some kind of error occurs in requests. We started to distrust some activities,…
-
1 vote, 1 answer, 398 views
PHP Stored Security XSS and SQL Injection
Is there any security breach or possibility of attacks on the code box below? public static function prepareQuery($query, $params){ $preparedQuery = self::getConn()->prepare($query); foreach…
-
0 votes, 0 answers, 153 views
Fix XSS error pointed by Armored Site - Classic ASP
I run a website that has the seal of the armored site, recently received an email from the armored site saying that its core had changed and the new scans could identify new errors. As predicted,…
-
0 votes, 0 answers, 76 views
HEADERS Content-Security-Policy on APACHE HTTPD with ProxyPass and ProxyPassReverse
I need to include headers from CSP within Apache HTTPD. Configuration I currently have: servor_backend IP: 10.10.10.11 WebServer: Apache Tomcat 6 Port: 8080 (http), 8009 (ajp) servor_frontend IP:…