
Question: How to fix specific XSS URL issues in URL via PHP?


 


I am using Netsparker community edition to check my app for any general security holes. I'm getting a lot of the following probable XSS issue areas:

my_php_file.php?nsextt=" stYle=x:expre/**/ssion(alert(9)) ns="

Code in my_php_file.php is not accepting any $_GET or $_POST parameters.

So how am I supposed to fix this sort of XSS problem if I'm not even using those $_GET or $_POST parameters?

Also in pages where I do use $_GET params I get this:

my_php_file2.php?id=" stYle=x:expre/**/ssion(alert(9)) ns="

I do filter all incoming params (for example id from last snippet):

trim(htmlspecialchars($_GET['id']));

And after all that, I even run the result of the previous step through preg to allow only digits in that id param.

 


asked Sep 13, 2013 in Java Interview Questions by rajesh
edited Sep 12, 2013
0 votes
36 views
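
An added example, not part of the original question and not code from the asker's application: it validates the id parameter as digits only and escapes any URL-derived value before it reaches an HTML attribute. It assumes the flagged page reflects the request URL into its markup (for instance in a form action), which the question does not confirm; parse_id, attr and self_url are hypothetical helper names, and the sample requests are constructed from the two scanner URLs quoted above.

```php
<?php
// Validate id on the raw value: digits only, as the question describes.
function parse_id(?string $raw): ?int
{
    if ($raw === null) {
        return null;
    }
    $raw = trim($raw);
    // ctype_digit rejects empty strings, signs, quotes and markup;
    // the length limit keeps the value inside the integer range.
    if (!ctype_digit($raw) || strlen($raw) > 9) {
        return null;
    }
    return (int) $raw;
}

// Escape for an HTML attribute value; ENT_QUOTES covers both quote characters.
function attr(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Rebuild the page's own URL from the path only, dropping query parameters
// the page never asked for (such as nsextt), then escape what is left.
function self_url(array $server): string
{
    $path = parse_url($server['REQUEST_URI'] ?? '/', PHP_URL_PATH);
    return attr(is_string($path) ? $path : '/');
}

// Constructed sample input reproducing the two scanner requests.
$payload = '" stYle=x:expre/**/ssion(alert(9)) ns="';
$server  = ['REQUEST_URI' => '/my_php_file.php?nsextt=' . $payload];
$get     = ['id' => $payload];

$id = parse_id($get['id'] ?? null);
if ($id === null) {
    echo "id rejected\n"; // a real page would answer with HTTP 400 here
}

// Assumed vulnerable pattern: '<form action="' . $_SERVER['REQUEST_URI'] . '">'
echo '<form action="' . self_url($server) . '">' . "\n";

// A validated id is an integer, so the link built from it carries no markup.
$good = parse_id('42');
echo '<a href="' . attr('/my_php_file2.php?id=' . $good) . '">item</a>' . "\n";
```

The same escaping applies to any other place a page prints request data it did not read through $_GET or $_POST, such as $_SERVER['PHP_SELF'] or $_SERVER['QUERY_STRING'].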


