develooper Front page | perl.beginners | Postings from May 2007

ScanAlert XSS warnings

From: Mike Blezien
Date: May 31, 2007 10:52
Subject: ScanAlert XSS warnings
Message ID: 007801c7a3ac$6f5f2fc0$04fea8c0@DGGTPQ11

Hello,

There is a script on our site that receives this warning from the HackSafe
scanalerts:

------------------------------------------------------------------------------
" ... The remote web application appears to be vulnerable to cross site
scripting (XSS).

General Solution:
HTML encode data before sending it to the browser.

Filtering < and > alone will not solve all cross site scripting attacks.
It is suggested you also attempt to filter out open and closing parenthesis or
convert them to their encoded equivalents.  ... "
----------------------------------------------------------------------------

I have gone through the script several times and thought we had it corrected.
Has anyone on the list experienced this problem and may have some suggestions on
how to correct this XSS scripting? This takes a POST from a standard type
registration form.

TIA,

Mike(mickalo)Blezien
===============================
Thunder Rain Internet Publishing
===============================
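
The scanner's advice applied in Perl, as an added example that is not part of the original post or the poster's script: it renders a re-displayed form field twice, once with only < and > stripped and once fully HTML-encoded (parentheses included), so the difference inside a quoted attribute is visible. The field names and sample POST values are constructed for illustration.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Characters encoded on output: the HTML metacharacters plus the
# parentheses the scanner report asks for.
my %ENTITY = (
    '&' => '&amp;', '<' => '&lt;', '>' => '&gt;',
    '"' => '&quot;', "'" => '&#39;',
    '(' => '&#40;', ')' => '&#41;',
);

# Encode a value for use in HTML text or inside a quoted attribute.
sub html_encode {
    my ($value) = @_;
    $value = '' unless defined $value;
    $value =~ s/([&<>"'()])/$ENTITY{$1}/g;
    return $value;
}

# The incomplete approach the report warns about: only < and > handled.
sub strip_angle_brackets {
    my ($value) = @_;
    $value = '' unless defined $value;
    $value =~ s/[<>]//g;
    return $value;
}

# Re-display a form field, e.g. after a failed registration attempt.
# The attribute value is always double-quoted so the encoding holds.
sub render_field {
    my ($name, $value, $encoder) = @_;
    return sprintf qq{<input type="text" name="%s" value="%s">},
        html_encode($name), $encoder->($value);
}

# Constructed sample POST data (field names are hypothetical).
my %post = (
    email => q{user@example.com},
    city  => q{" onfocus="alert(1)},
    name  => q{<b>Mike</b> & Co.},
);

for my $field (sort keys %post) {
    print "field:    $field\n";
    print "filtered: ", render_field($field, $post{$field}, \&strip_angle_brackets), "\n";
    print "encoded:  ", render_field($field, $post{$field}, \&html_encode), "\n\n";
}
```

In the `city` row the filtered output still closes the `value` attribute and adds an `onfocus` attribute, because the input contains no angle brackets at all; the encoded output keeps the whole value inside the quotes.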

