Will pay for fix! Encoding html forms - XSS Scripting

Discussion in 'Security' started by drhfinegifts, Apr 24, 2007.

0
  1. #1
    I just added Hacker Safe to my ecommerce site.

    During the initial audit scan, I have 2 XSS vulnerabilities, which I have no idea on how to fix.

    The vulnerabilities are in posting form data.

    Please PM me if you think you can help me recode the form data to fix this.
     
    drhfinegifts, Apr 24, 2007 IP
  2. drhfinegifts

    drhfinegifts Peon

    Messages:
    368
    Likes Received:
    12
    Best Answers:
    0
    Trophy Points:
    0
    #2
    Does anyone know how to fix this? I'm not sure how to sanitize the input and output form data from XSS.

    I'm running an osCommerce site using PHP with Apache.
     
    drhfinegifts, May 8, 2007 IP
  3. komirad

    komirad Well-Known Member

    Messages:
    921
    Likes Received:
    14
    Best Answers:
    0
    Trophy Points:
    108
    #3
    komirad, May 8, 2007 IP
  4. CodyRo

    CodyRo Peon

    Messages:
    365
    Likes Received:
    15
    Best Answers:
    0
    Trophy Points:
    0
    #4
    Will need more information on what stuff you're running.. commercial script? free script? home made script?

    Typically just filtering the output of the data using a PHP function like htmlentities() will fix the issue.
     
    CodyRo, May 12, 2007 IP
  5. randomIntellections

    randomIntellections Well-Known Member

    Messages:
    985
    Likes Received:
    13
    Best Answers:
    0
    Trophy Points:
    180
    #5
    Can you PM me the exact report sent by hacker safe, We will be able to help you out .
     
    randomIntellections, May 13, 2007 IP