
Determining XSS Attack Vulnerabilities
I am experiencing a relentless XSS attack that I can't seem to prevent. I've got three input forms in total on my site: one for uploading images, one for adding comments to a page, and a third that sends an email via PHP. I am protecting all of them in one way or another, but somehow the vulnerability is still there.

My comments code:

```php
// $styles, $song_arr, $artist_arr and $name_arr are populated elsewhere;
// $k indexes the current entry and is initialised before this loop.
for ($j = 0; $j < 3; $j++) {
    $s = $styles[array_rand($styles)];
    if ($song_arr[$k] != '' && $artist_arr[$k] != '' && $name_arr[$k] != '') {
        echo '<td>';
        echo '<div class="' . $s . '" style="clear:left">';
        echo '<p class="rendom">';
        echo 'Song:&nbsp;' . htmlspecialchars($song_arr[$k])
           . '<br>Artist:&nbsp;' . htmlspecialchars($artist_arr[$k])
           . '<br>Submitted By:&nbsp;' . htmlspecialchars($name_arr[$k]);
        echo '</p>';
        echo '</div>';
        echo '</td>';
    }
    $k++;
}
```

Upload form:

```php
if ((($_FILES["userfile"]["type"] == "image/jpg")
     || ($_FILES["userfile"]["type"] == "image/jpeg")
     || ($_FILES["userfile"]["type"] == "image/pjpeg"))
    && ($_FILES["userfile"]["size"] < 20000)) {
    if (is_uploaded_file($_FILES['userfile']['tmp_name'])) {
        if (move_uploaded_file($_FILES['userfile']['tmp_name'], 'userfile.jpg')) {
            $image = new SimpleImage();
            $image->load('userfile.jpg');
            $image->resize(29, 136);
            $image->save('userfile.jpg');
?>
<img src="img/text/uploadSuccess.jpg" alt="Image uploaded successfully." /><br />
<br />
<img src="userfile.jpg?rand=<? echo rand(1,10000); ?>" />
<?
        } else {
            echo 'Moving uploaded file failed';
        }
    } else {
        echo 'File upload failed';
    }
} else {
    echo 'Invalid Filetype';
}
```

Email form:

```php
<?php
// Process input variables (trim, stripslash, reformat, generally prepare for email)
$recipients   = trim($_POST['recipients']);
$sender_email = trim($_POST['sender_email']);
$sender_name  = stripslashes(trim($_POST['sender_name']));
$subject      = stripslashes(str_replace(array("\r\n", "\n", "\r"), " ", trim($_POST['subject'])));
$message      = stripslashes(str_replace(array("\r\n", "\n", "\r"), "<br />", trim($_POST['message'])));

// Check email addresses for validity
// Explode the comma-separated list of recipients + the sender email address into an array.
// Even if there is only one recipient, this will check for validity.
$addresses = explode(",", $recipients . "," . $sender_email);

// For each email address specified...
foreach ($addresses as $address) {
    // If the email address doesn't match the RFC 2822 spec regex, assume invalid
    if (!(preg_match("~^[A-Z0-9._%+-]+@(?:[A-Z0-9-]+\.)+(?:[A-Z]{2}|com|org|net|uk|edu|jp|de|br|ca|gov|au|info|nl|fr|us|ru|it|cn|ch|tw|es|se|be|dk|pl|at|il|tv|nz|biz)$~i", trim($address)))) {
        // Output error message for invalid email address and end script.
        echo '"' . $address . '" is not a valid email address. Please try again.';
        return;
    }
}

// Check other vars are not empty
if ((empty($sender_name)) OR (empty($subject)) OR (empty($message))) {
    // Output error message and end script.
    echo 'Please complete all form fields and try again.';
    return;
}

// Send HTML email
$headers = "MIME-Version: 1.0\r\nContent-type:text/html;charset=iso-8859-1\r\nFrom: " . $sender_name . " <" . $sender_email . "> \n\n";
if (mail($recipients, $subject, $message, $headers)) {
    // Mail successfully sent, output success message and end script
    echo 'Message sent. We will be in touch with you shortly.';
    return;
} else {
    // Something unknown went wrong. =(
    echo 'Something went wrong which the little worker monkeys could not fix. Please try again.';
    return;
}
?>
```

The XSS keeps showing up at the absolute bottom of my index page, into which I include() all three of the above files, whose contents are in different files.

Any ideas?
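The one place in the posted code where user input reaches the page without escaping is the mail form's error branch, which echoes `$address` verbatim whenever it fails the regex; because that file is include()d into the index page, the reflected markup renders there. Two caveats worth knowing: `htmlspecialchars()` with default flags does not encode single quotes (and on PHP before 5.4 assumes ISO-8859-1), so pass `ENT_QUOTES` and an explicit charset; and `$sender_name` is concatenated into the `From:` header with no line-break stripping, which is a header-injection sink rather than an XSS one. The block below is an added example, not code from the original post: it puts the vulnerable echo beside a hardened version and adds a small escaping helper. The names `h()`, `render_invalid_address()`, `render_invalid_address_vulnerable()`, `header_value()` and the payload string are mine.

```php
<?php
// Added example (not the poster's code). Function names are assumptions.

// Escape a string for insertion into HTML element content or a quoted attribute.
// ENT_QUOTES also encodes single quotes, ENT_SUBSTITUTE avoids returning '' on
// invalid UTF-8, and the explicit charset must match the page's declared charset.
function h($s)
{
    return htmlspecialchars((string) $s, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Mirrors the original error branch: whatever failed the regex is reflected as-is,
// so a value containing markup is interpreted by the browser.
function render_invalid_address_vulnerable($address)
{
    return '"' . $address . '" is not a valid email address. Please try again.';
}

// Hardened: same message, untrusted value escaped at the output sink.
function render_invalid_address($address)
{
    return '"' . h($address) . '" is not a valid email address. Please try again.';
}

// For values that go into mail headers (the From: name in the posted code):
// remove CR/LF so a submitted name cannot terminate the header and start new ones.
function header_value($s)
{
    return trim(str_replace(array("\r", "\n"), '', (string) $s));
}

// Constructed attacker input: it contains no "@", so it fails the address regex
// and lands in the error branch.
$payload = '<script>alert(document.cookie)</script>';

echo render_invalid_address_vulnerable($payload), "\n";   // script tag reaches the page intact
echo render_invalid_address($payload), "\n";              // &lt;script&gt;... rendered as text

// Constructed header-injection attempt against the From: name.
$name = "Alice\r\nBcc: victim@example.invalid";
echo 'From: ' . header_value($name) . " <sender@example.invalid>\n";  // single line only
```

The escaping is applied at the output sink, not on input, so the same `h()` can wrap the `$song_arr`/`$artist_arr`/`$name_arr` echoes in the comments loop without changing what is stored. Note that this echo only reflects what the current request sent; markup that persists across page loads has to originate in the data the comments loop reads or in the file written by the upload handler, neither of which is shown in the post.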
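The upload form accepts a file as a JPEG based on `$_FILES['userfile']['type']`, but that field is the MIME type the browser sent with the request, so the uploader chooses it; `$_FILES['userfile']['size']` is likewise derived from the request. The following is an added example, not part of the original post, that validates the bytes on disk with `getimagesize()` and the `fileinfo` extension and then re-encodes the image through GD so that only pixel data is written to the served file. `validate_uploaded_jpeg()`, `reencode_jpeg()` and the size limit are assumptions; the `$_FILES` layout is PHP's own.

```php
<?php
// Added example (not the poster's code). Function names and limits are assumptions.

// Returns null when the upload is an acceptable JPEG, otherwise an error string.
// Never consults the client-supplied $file['type'] or $file['size'].
function validate_uploaded_jpeg(array $file, $max_bytes = 20000)
{
    if (!isset($file['tmp_name'], $file['error']) || $file['error'] !== UPLOAD_ERR_OK) {
        return 'File upload failed';
    }
    if (!is_uploaded_file($file['tmp_name'])) {
        return 'File upload failed';
    }
    // Measure the temporary file itself rather than trusting the request metadata.
    if (filesize($file['tmp_name']) > $max_bytes) {
        return 'File too large';
    }
    // getimagesize() parses the image header; index 2 is an IMAGETYPE_* constant.
    $info = @getimagesize($file['tmp_name']);
    if ($info === false || $info[2] !== IMAGETYPE_JPEG) {
        return 'Invalid Filetype';
    }
    // Second opinion from libmagic on the actual content.
    $finfo = new finfo(FILEINFO_MIME_TYPE);
    if ($finfo->file($file['tmp_name']) !== 'image/jpeg') {
        return 'Invalid Filetype';
    }
    return null;
}

// Decode and re-encode with GD. Anything that is not pixel data (bytes appended
// after the JPEG end marker, content of comment or EXIF segments) is dropped, so
// the file that is later served contains only a freshly written JPEG.
function reencode_jpeg($src, $dst, $w, $h)
{
    $in = @imagecreatefromjpeg($src);
    if ($in === false) {
        return false;
    }
    $out = imagecreatetruecolor($w, $h);
    imagecopyresampled($out, $in, 0, 0, 0, 0, $w, $h, imagesx($in), imagesy($in));
    $ok = imagejpeg($out, $dst, 85);
    imagedestroy($in);
    imagedestroy($out);
    return $ok;
}

// Usage in the upload handler, replacing the $_FILES[...]['type'] comparison.
// The 29x136 target size is taken from the posted resize() call.
if (isset($_FILES['userfile'])) {
    $err = validate_uploaded_jpeg($_FILES['userfile']);
    if ($err !== null) {
        echo htmlspecialchars($err, ENT_QUOTES, 'UTF-8');
    } elseif (reencode_jpeg($_FILES['userfile']['tmp_name'], 'userfile.jpg', 29, 136)) {
        echo 'Image uploaded successfully.';
    } else {
        echo 'Moving uploaded file failed';
    }
}
```

Writing the output directly from the decoded temporary file also removes the window in the original flow where the raw upload sits at `userfile.jpg`, the URL that is served, before the resizer rewrites it.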