Saturday, May 3rd, 2008
Today's post will include 3 different languages: HTML, PHP and SQL. There is a MySQL database, a PHP backend and an HTML form to try out different injections, as well as a sample injection and vulnerable/patched code.
We'll start off by making a sample table in MySQL:
[sourcecode language='sql']
CREATE TABLE `example`.`users` (
`id` ...
Posted in Hacks and Bugs, Security, Technology | 1 Comment »
Wednesday, April 30th, 2008
Last time we covered XSS in PHP. What about Perl? It turns out there's an even more in-house solution to XSS in Perl, because it has been used for CGI for so long. We'll use the same basic example.
[sourcecode language='html']
alert('XSS!');
[/sourcecode]
This is the XSS attack.
[sourcecode language='html']
This script is vulnerable to ...
Posted in Hacks and Bugs, Programming, Security, Technology | No Comments »
Wednesday, April 30th, 2008
If you're at all new to web development, it's possible that you haven't heard of XSS. Maybe you have heard of it, but you don't know the technical details. This article will shed some light on the basics of coding against XSS in PHP, with vulnerable and patched code examples, ...
Posted in Hacks and Bugs, Programming, Security, Technology | 2 Comments »