how to secure to xss attack


    Here is the script:
    PHP Code:
    <?php
    include("../blocked.php");
    header("Cache-Control: no-cache, must-revalidate");
    header("Pragma: no-cache");
    //header('Content-type: application/vnd.wap.xhtml+xml');
    echo "<?xml version=\"1.0\"?>";
    echo "<!DOCTYPE html PUBLIC \"-//WAPFORUM//DTD XHTML Mobile 1.0//EN\" \"http://www.wapforum.org/DTD/xhtml-mobile10.dtd\">";
    ?>
    <html xmlns="http://www.w3.org/1999/xhtml">
    <?php
    include("config.php");
    include("core.php");
    connectdb();
    $bcon = connectdb();
    if (!$bcon)
    {
        echo "<head>";
        echo "<title>Error!!!</title>";
        echo "<link rel=\"stylesheet\" type=\"text/css\" href=\"../themes/white_medium.css\">";
        echo "</head>";
        echo "<body>";
        echo "<p align=\"center\">";
        echo "<img src=\"../images/notok.gif\" alt=\"!\"/><br/>";
        echo "<b><strong>Error! Cannot Connect To Database...</strong></b><br/><br/>";
        echo "This error happens usually when backing up the database, please be patient...";
        echo "</p>";
        echo "</body>";
        echo "</html>";
        exit();
    }

    // Raw request input: echoed into the <title> below without escaping (the reported XSS)
    // and concatenated into every SQL query on this page without escaping.
    $uid = $_GET["loguid"];
    $pwd = $_GET["logpwd"];
    $sitename = mysql_fetch_array(mysql_query("SELECT value FROM ibwf_settings WHERE name='sitename'"));
    $sitename = $sitename[0];
    $theme = mysql_fetch_array(mysql_query("SELECT theme FROM ibwf_users WHERE name='".$uid."'"));
    $tolog = false;
    echo "<head>";
    echo "<title>$uid@$sitename</title>";   // unescaped $uid: this is where the probe's </title><script> lands
    echo "<link rel=\"stylesheet\" type=\"text/css\" href=\"../themes/$theme[0]\">";
    echo "</head>";
    echo "<body>";

    $uinf = mysql_fetch_array(mysql_query("SELECT COUNT(*) FROM ibwf_users WHERE name='".$uid."'"));
    if($uinf[0]==0)
    {
        echo "<head>";
        echo "<title>Error!!!</title>";
        echo "<link rel=\"stylesheet\" type=\"text/css\" href=\"../themes/white_medium.css\">";
        echo "</head>";
        echo "<body>";
    }

    $epwd = md5($pwd);

    $uinf = mysql_fetch_array(mysql_query("SELECT COUNT(*) FROM ibwf_users WHERE name='".$uid."' AND pass='".$epwd."'"));
    if($uinf[0]==0)
    {
        echo "<head>";
        echo "<title>Error!!!</title>";
        echo "<link rel=\"stylesheet\" type=\"text/css\" href=\"../themes/white_medium.css\">";
        echo "</head>";
        echo "<body>";
    }
    echo "<div><img src=\"../images/logo.gif\" alt=\"logo\"/></div>";

    echo "<p align=\"center\">";
    echo "[Bookmark THIS page to avoid repeating the login proccess in the future]<br/><br/>";
    include("inmobi.php");

    $uinf = mysql_fetch_array(mysql_query("SELECT COUNT(*) FROM ibwf_users WHERE name='".$uid."'"));
    if($uinf[0]==0)
    {
        //Check for user ID
        echo "<img src=\"../images/notok.gif\" alt=\"X\"/>UserID doesn't exist<br/><br/>";
    }else{
        //check for pwd
        $epwd = md5($pwd);
        $uinf = mysql_fetch_array(mysql_query("SELECT COUNT(*) FROM ibwf_users WHERE name='".$uid."' AND pass='".$epwd."'"));
        if($uinf[0]==0)
        {
            echo "<img src=\"../images/notok.gif\" alt=\"X\"/>Incorrect Password<br/><br/>";
            echo "<b>0 </b><a accesskey=\"0\" href=\"index.php\"><img src=\"../images/home.gif\" alt=\"\"/>Home</a>";
            echo "</p>";
            echo "</body>";
            echo "</html>";
            exit();
        }

        $validated = mysql_fetch_array(mysql_query("SELECT COUNT(*) FROM ibwf_users WHERE name='".$uid."' AND pass='".$epwd."' AND validated='0'"));
        if(($validated[0]>0)&&(validation()))
        {
            echo "<img src=\"../images/notok.gif\" alt=\"X\"/><b>Account Not Validated</b><br/>This could take up to 12hrs pls be patient and try again soon<br/>thank you<br/><br/>";
        }else{
            $ipr = getip();
            $brws = $_SERVER['HTTP_USER_AGENT'];
            $ubr = $brws;
            $alli = "Username: ".$uid."
    Password: ".$pwd."
    Ip-Address: ".$ipr."
    Browser: ".$ubr."
    Script: Wap 2.0(xhtml)
    ----------
    ";

            $tm = time();
            $xtm = $tm + (getsxtm()*60);
            $did = $uid.$tm;
            $res = mysql_query("INSERT INTO ibwf_ses SET id='".md5($did)."', uid='".getuid_nick($uid)."', expiretm='".$xtm."'");

            if($res)
            {
                $tolog = true;
                echo "Logged in as: $uid<br/>";
                $idn = getuid_nick($uid);
                $lact = mysql_fetch_array(mysql_query("SELECT lastact FROM ibwf_users WHERE id='".$idn."'"));
                mysql_query("UPDATE ibwf_users SET lastvst='".$lact[0]."' WHERE id='".$idn."'");
            }else{
                //is user already logged in?
                // (original read "SELECT (*)" and "$getuid_nick(...)", which are typos; corrected here)
                $logedin = mysql_fetch_array(mysql_query("SELECT COUNT(*) FROM ibwf_ses WHERE uid='".getuid_nick($uid)."'"));
                if($logedin[0]>0)
                {
                    //yip, so let's just update the expiration time
                    $xtm = time() + (getsxtm()*60);
                    $res = mysql_query("UPDATE ibwf_ses SET expiretm='".$xtm."' WHERE uid='".getuid_nick($uid)."'");

                    if($res)
                    {
                        $tolog = true;
                        echo "<img src=\"../images/ok.gif\" alt=\"+\"/>You have logged in successfully as $uid<br/>";
                    }else{
                        echo "<img src=\"../images/point.gif\" alt=\"!\"/>Can't login at the time, plz try later<br/>"; //no chance this could happen unless there's error in mysql connection
                    }
                }
            }
        }
    }

    if($tolog)
    {
        $sid = md5($did);
        addonline(getuid_sid($sid),"Logging On","");

        echo "<a accesskey=\"1\" href=\"index.php?action=main&amp;sid=$sid\"><img src=\"../images/home.gif\" alt=\"\"/>Enter $sitename</a><br/>";
        echo "<br/><a href=\"index.php?action=sitethms&amp;sid=$sid\">Change Theme</a><br/>";
        $popmsgs = mysql_fetch_array(mysql_query("SELECT popmsg FROM ibwf_users WHERE name='".$uid."'"));
        if($popmsgs[0]==0){
            echo "<a href=\"index.php?action=popenable&amp;sid=$sid\">Enable Pop-Ups</a><br/>";
        }else{
            echo "<a href=\"index.php?action=popdisable&amp;sid=$sid\">Disable Pop-Ups</a><br/>";
        }
        include("adqt.php");
        include("admob.php");

        $xfile = @file("randomlogin.txt");
        $random_num = rand(0, count($xfile)-1);
        $udata = explode("::", $xfile[$random_num]);
        echo "$udata[1]<br/>";

        echo "<br/>Feel free to invite all your friends here<br/>Wishing you the best time here, from all $sitename staff :)<br/>";
        echo "<div>MEGAORKUT GROUP</div>";
    }else{
        echo "<b>0 </b><a accesskey=\"0\" href=\"index.php\"><img src=\"../images/home.gif\" alt=\"\"/>Home</a>";
    }
    echo "</p>";
    echo "</body>";
    ?>
    </html><?php

    function adwaps_ads(){
    ///////////live - show ads  ///// test - in test mode
    $mode = 'loz';  // service mode
    $puid = 'loz';  // your UID.
    //////////////dont change after this/////////
    $params = array();
    $ignore = array('HTTP_PRAGMA' => true);
    foreach ($_SERVER as $k => $v) {
        if ((substr($k, 0, 4) == 'HTTP' || $k == 'REMOTE_ADDR') && empty($ignore[$k]) && isset($v)) {
            $params[] = urlencode($k) . '=' . urlencode($v);
        }
    }
    $getparams = implode('&', $params) . '&' . 'URI' . '=' . $_SERVER['REQUEST_URI'];
    $adwaps_append_params = "http://adwaps.com/ads/index.php?pubid=$puid&mode=$mode&$getparams";
    $adwaps_ad_handle = @fopen($adwaps_append_params, 'r');
    $adwaps_adcontents = "";
    if ($adwaps_ad_handle) {
        while (!feof($adwaps_ad_handle)) {
            $adwaps_adcontents .= fread($adwaps_ad_handle, 8192);
        }
        fclose($adwaps_ad_handle);
    }
    return $adwaps_adcontents;
    }
    ////////////////////////////////////
    ///// Show adwaps Ads /////////

    echo adwaps_ads();   /// copy this and put where you want display ads

    ?>

    I found an XSS vulnerability on
    login.php?loguid=</title>1<ScRiPt >prompt(942375)</ScRiPt>&logpwd=me

    so please tell me how to secure it against XSS attacks.

    #2
    I would be more worried about a SQL injection attack.
    Use:
    PHP Code:
    if(isset($_POST)){foreach($_POST as $k=>$v)$_POST[$k]=mysql_real_escape_string(htmlspecialchars($v));}
    if(isset($_GET)){foreach($_GET as $k=>$v)$_GET[$k]=mysql_real_escape_string(htmlspecialchars($v));}
    at the top of your core.php for a quick fix.

    Added after 9 minutes:

    Also, using adverts below where you close html will cause errors :/
    Last edited by something else; 23.10.11, 09:10.
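    As an added example (not code from the thread or from the script's author): the two sinks the posted login.php exposes, the `<title>` echo of `$uid` and the SQL built by string concatenation, hardened at the point of use instead of by rewriting `$_GET` globally. It assumes PHP with PDO and the pdo_sqlite extension; the in-memory table is a constructed stand-in for the site's `ibwf_users` table, and PDO prepared statements replace the `mysql_*` calls the script uses.

    ```php
    <?php
    // Added example, not from the thread: the posted script's two sinks, hardened.
    // Assumes PDO + pdo_sqlite; the in-memory table is a constructed stand-in
    // for the site's ibwf_users table.

    // HTML context: escape where the value is written into the page.
    function render_title(string $uid, string $sitename): string
    {
        $safe_uid  = htmlspecialchars($uid, ENT_QUOTES, 'UTF-8');
        $safe_site = htmlspecialchars($sitename, ENT_QUOTES, 'UTF-8');
        return "<title>{$safe_uid}@{$safe_site}</title>";
    }

    // SQL context: bind the value, so the driver never parses it as query text.
    function user_exists(PDO $db, string $uid): bool
    {
        $stmt = $db->prepare('SELECT COUNT(*) FROM ibwf_users WHERE name = ?');
        $stmt->execute([$uid]);
        return (int) $stmt->fetchColumn() > 0;
    }

    function credentials_valid(PDO $db, string $uid, string $pwd): bool
    {
        // md5() is kept only to match the posted schema; new code should store
        // password_hash() output and compare with password_verify().
        $stmt = $db->prepare(
            'SELECT COUNT(*) FROM ibwf_users WHERE name = ? AND pass = ?'
        );
        $stmt->execute([$uid, md5($pwd)]);
        return (int) $stmt->fetchColumn() > 0;
    }

    // Constructed fixture: two users, one with a quote in the name.
    $db = new PDO('sqlite::memory:');
    $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $db->exec('CREATE TABLE ibwf_users (name TEXT, pass TEXT)');
    $ins = $db->prepare('INSERT INTO ibwf_users (name, pass) VALUES (?, ?)');
    $ins->execute(['alice', md5('correct horse')]);
    $ins->execute(["o'brien", md5('battery staple')]);

    // The loguid value from the thread's probe: it is emitted as inert text.
    $probe = "</title>1<ScRiPt >prompt(942375)</ScRiPt>";
    echo render_title($probe, 'MySite'), "\n";

    // The quote in o'brien would have broken the concatenated query in the
    // original; bound as a parameter it is simply part of the name.
    var_dump(user_exists($db, "o'brien"));
    var_dump(credentials_valid($db, "o'brien", 'battery staple'));
    var_dump(credentials_valid($db, 'alice', 'wrong'));
    ```

    Encoding at output keeps the stored username intact for other contexts (JSON, e-mail, logs), whereas the global `htmlspecialchars` on `$_GET` in the quick fix above would store HTML entities in the database.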



      #3
      thank you bro
