douwei2966 2013-03-12 11:38
浏览 28

XSS和PHP攻击[关闭]

I have been assigned to test a website that another group has just created. I have discovered

that it is prone to XSS attacks. However, it does not really throw

up an error or any valid information when I use JS with PHP:

i.e. var someVar = <?php echo 'a'; ?>

     alert(someVar);

This led to my assuming that a site prone to XSS attacks may not necessarily allow php code

to be injected. Am I correct? If not, is there anything with the segment that I posted above?

And, the reason I haven't tried php injection via the GET variables is that I do

not use anything of the form page.php?id='', that queries the database, as of now, except for

the registration and login part, which is via POST.

  • 写回答

2条回答 默认 最新

  • dongzhanlian6289 2013-03-12 11:44
    关注

    This led to my assuming that a site prone to XSS attacks may not necessarily allow php code to be injected. Am I correct?

    Yes, of course.
    XSS attacks has nothing to do with PHP code injections. It's all about JS code injection

    评论

报告相同问题?

悬赏问题

  • ¥15 随身WiFi网络灯亮但是没有网络,如何解决?
  • ¥15 gdf格式的脑电数据如何处理matlab
  • ¥20 重新写的代码替换了之后运行hbuliderx就这样了
  • ¥100 监控抖音用户作品更新可以微信公众号提醒
  • ¥15 UE5 如何可以不渲染HDRIBackdrop背景
  • ¥70 2048小游戏毕设项目
  • ¥20 mysql架构,按照姓名分表
  • ¥15 MATLAB实现区间[a,b]上的Gauss-Legendre积分
  • ¥15 delphi webbrowser组件网页下拉菜单自动选择问题
  • ¥15 linux驱动,linux应用,多线程