Thursday, April 10, 2014

Fixing an XSS Bug in a Search Engine

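<!-- Form 1: the query is escaped with htmlentities() before it is written into the value attribute -->
<form method="get" action="#">
 <input type="text" name="src" <?php if (isset($_GET['src'])) {echo "value=\"".htmlentities($_GET['src'])."\"";} ?>>
 <button>Cari</button>
</form>
<br>
<!-- Form 2: deliberately unescaped, kept for comparison (this is the XSS bug) -->
<form method="get" action="#">
 <input type="text" name="src" <?php if (isset($_GET['src'])) {echo "value=\"".$_GET['src']."\"";} ?>>
 <button>Cari</button>
</form>
<br>
<!-- "bedakan ya" = "spot the difference" -->
<legend>bedakan ya,, </legend><br>
<?php
 if (isset($_GET['src'])) {
  // Escaped output: markup in the query is shown as plain text
  echo htmlentities($_GET['src']);
  echo "<hr>";
  // Raw output: markup in the query is interpreted by the browser
  echo $_GET['src'];
 }
 ?>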

Create a PHP file with the source code above, then test it with the following inputs:

  1. "><script type="text/javascript">alert('XSS Bug');</script>
  2. <h1>XSS Bug</h1>
Compare the results: the output that uses htmlentities versus the output that does not.
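
The escaped half of the demo, rewritten as an added example (not the original post's code) that runs from the PHP command line and checks the post's two test strings. The function names e() and render_search() are hypothetical, and the explicit ENT_QUOTES, ENT_SUBSTITUTE and UTF-8 arguments are an assumption about how you would want the escaping configured.

```php
<?php
// Added example, not the post's code. e() and render_search() are hypothetical names.

// Escape a value for HTML text or a quoted attribute value.
function e(string $s): string
{
    // ENT_QUOTES encodes ' as well as " (the default only since PHP 8.1).
    // ENT_SUBSTITUTE replaces invalid UTF-8 instead of returning an empty string.
    return htmlspecialchars($s, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Build the search form and the echoed query from a $_GET-like array.
function render_search(array $get): string
{
    // ?src[]=x would make $get['src'] an array, so accept strings only.
    $src = (isset($get['src']) && is_string($get['src'])) ? $get['src'] : '';

    $html  = "<form method=\"get\" action=\"#\">\n";
    $html .= ' <input type="text" name="src" value="' . e($src) . "\">\n";
    $html .= " <button>Cari</button>\n</form>\n";
    if ($src !== '') {
        $html .= '<p>' . e($src) . "</p>\n";
    }
    return $html;
}

// The two test strings from the post.
$tests = [
    '"><script type="text/javascript">alert(\'XSS Bug\');</script>',
    '<h1>XSS Bug</h1>',
];

foreach ($tests as $t) {
    $escaped = e($t);
    // No markup-significant character may survive escaping.
    if (strpbrk($escaped, '<>"\'') !== false) {
        throw new RuntimeException('unescaped character in: ' . $escaped);
    }
    echo render_search(['src' => $t]), "\n";
}

// With ENT_COMPAT (the default before PHP 8.1) the single quotes in the
// first test string are left as they are; with ENT_QUOTES they become &#039;.
echo htmlspecialchars($tests[0], ENT_COMPAT, 'UTF-8'), "\n";
echo e($tests[0]), "\n";
```

This escaping covers HTML text and quoted attribute values only; a value written into a script block, a URL or an unquoted attribute needs encoding for that context.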
