Page 2 - Cool PHP tricks.

Dev Shed Forums Sponsor:

#16

January 10th, 2006, 01:35 PM

kuza55

It's only wrong if you're caught....

Join Date: Dec 2003

Location: Sydney, Australia

Posts: 1,286

Time spent in forums: 3 Weeks 3 Days 6 h 10 m 16 sec
Reputation Power: 173

Quote:

Originally Posted by SimonGreenhill

It's a filter for apache's mod_security which removes all incoming cross site scripting attacks.

Unless of course you've got a problem like PHPBB did where you could URLencode the string twice (so for to get it past the filter you pass %253C in the URL, PHP converts it to %3C and if thats url decoded you get <), but then again if you're using PHPBB, there's not much that'll save you.... (Just wanted to say that while its a good idea, its not a silver bullet, just in case someone takes it as if it is....)

__________________
- Alex
Web Security Research (my blog)
Handbook of Applied Cryptography (Free!)

Page 2 of 2

Viewing: Dev Shed Forums > Programming Languages > PHP Development > Cool PHP tricks.

« Previous Thread | Next Thread »

Developer Shed Advertisers and Affiliates

Thread Tools	Search this Thread
Email this Page	Search this Thread: Advanced Search
Display Modes	Rate This Thread
Linear Mode Switch to Hybrid Mode Switch to Threaded Mode	Rate This Thread:

Posting Rules
You may not post new threads You may not post replies You may not post attachments You may not edit your posts vB code is On Smilies are On [IMG] code is On HTML code is Off

View Your Warnings | New Posts | Latest News | Latest Threads | Shoutbox

Forum Jump