The problem is that I still do not understand how you can hack a site in php. For example, there is a variable that I get via GET. Should I convert characters into it if I simply compare it? And if I deduce somewhere?
3 answers
Example: a chat. User messages are not processed in any way. Instead of an ordinary message, one of the attackers sends the following JS:
<script> window.location = "http://hashcode.ru/questions/245199/"; </script>
The message is displayed in the chat in exactly this form. The script is triggered and redirects all users to the attacker's page.
For example, to display a message entered by a user that may contain unwanted formatting. There is also htmlentities().
Sites are usually cracked through XSS vulnerabilities, i.e. when the user enters into a field, for example, the following text:
<script>alert('123');</script>
Then, after the page is refreshed, if the site does not pass this code through htmlspecialchars, the code will simply be executed, and every user who opens this page will see the message '123' in the center of the screen. If this code was passed through the htmlspecialchars function, then characters such as "<", ">" and "&" (and others) will be converted to &lt;, &gt; and &amp; (see here), i.e. when this fragment is substituted into the main page code it is no longer executable, since "<" and ">" are treated as plain characters and not as HTML code (which would be executed). If a site has such a vulnerability, then instead of the code above they insert a hidden 1x1 iframe pointing to some link to the same kind of PHP script (yours), which is called whenever users hit the page with this vulnerability and which can send some data from this site to your script (usually the user's cookie).
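The following is an added example, not code from any of the answers above, showing the two renderings the answers describe side by side: a chat line built from a raw message, and the same line built with htmlspecialchars. The function names (escapeHtml, renderMessageUnsafe, renderMessageSafe, isCommandMessage) and the sample payload are my own; in a real chat the message would come from $_GET, $_POST or the database. It also answers the comparison part of the question: escaping is an output-encoding step, so a value that is only compared does not need it, while every value that is echoed into HTML does. Note that htmlspecialchars is correct only for HTML text and quoted attribute values; a value placed inside a <script> block or used as a URL needs a different encoding.

```php
<?php
// Added example (not from the original thread): rendering a chat message
// with and without output escaping. The payload below is a constructed
// sample of the kind discussed in the answers.
declare(strict_types=1);

// Escape a string for insertion into an HTML text node or a quoted
// attribute value. ENT_QUOTES also converts ' and ", so the result stays
// safe inside attributes; ENT_SUBSTITUTE replaces invalid UTF-8 instead of
// silently returning an empty string.
function escapeHtml(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Vulnerable rendering: the raw message is pasted into the page, so any
// markup inside it is interpreted by the browser as markup.
function renderMessageUnsafe(string $author, string $message): string
{
    return "<li><b>$author</b>: $message</li>";
}

// Hardened rendering: every user-controlled value is escaped at the point
// of output, so the browser shows the text literally.
function renderMessageSafe(string $author, string $message): string
{
    return '<li><b>' . escapeHtml($author) . '</b>: ' . escapeHtml($message) . '</li>';
}

// Comparison needs no escaping: compare the raw value as received, and
// escape only where the value is written into HTML.
function isCommandMessage(string $message): bool
{
    return $message === '/clear';
}

// Constructed sample payload, the same shape as in the answers above.
$sample = "<script>alert('123');</script>";

// The first line contains a live <script> element when sent to a browser;
// the second contains only entities (&lt;script&gt; ...), which render as text.
echo renderMessageUnsafe('guest', $sample), PHP_EOL;
echo renderMessageSafe('guest', $sample), PHP_EOL;

// The raw value is still compared as-is.
var_dump(isCommandMessage($sample));
```

Run it with `php example.php` and view the two echoed lines: only the unescaped one would execute if served to a browser, and the comparison result is unaffected by whether the message is later escaped.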