how to secure to xss attack

Admin

Member

Join Date: Jul 2010

Posts: 30
#1

how to secure to xss attack

23.10.11, 08:27

here is script :

PHP Code:

<?php include("../blocked.php"); header("Cache-Control: no-cache, must-revalidate"); header("Pragma: no-cache"); //header('Content-type: application/vnd.wap.xhtml+xml'); echo "<?xml version=\"1.0\"?>"; echo "<!DOCTYPE html PUBLIC \"-//WAPFORUM//DTD XHTML Mobile 1.0//EN\" \"http://www.wapforum.org/DTD/xhtml-mobile10.dtd\">"; ?> <html xmlns="http://www.w3.org/1999/xhtml"> <?php include("config.php"); include("core.php"); connectdb(); $bcon = connectdb(); if (!$bcon) { echo "<head>"; echo "<title>Error!!!</title>"; echo "<link rel=\"stylesheet\" type=\"text/css\" href=\"../themes/white_medium.css\">"; echo "<head>"; echo "<body>"; echo ""; echo "<img src=\"../images/notok.gif\" alt=\"!\"/> "; echo "Error! Cannot Connect To Database... "; echo "This error happens usually when backing up the database, please be patient..."; echo ""; echo "</body>"; echo "</html>"; exit(); } $uid = $_GET["loguid"]; $pwd = $_GET["logpwd"]; $sitename = mysql_fetch_array(mysql_query("SELECT value FROM ibwf_settings WHERE name='sitename'")); $sitename = $sitename[0]; $theme = mysql_fetch_array(mysql_query("SELECT theme FROM ibwf_users WHERE name='".$uid."'")); $tolog = false; echo "<head>"; echo "<title>$uid@$sitename</title>"; echo "<link rel=\"stylesheet\" type=\"text/css\" href=\"../themes/$theme[0]\">"; echo "</head>"; echo "<body>"; $uinf = mysql_fetch_array(mysql_query("SELECT COUNT(*) FROM ibwf_users WHERE name='".$uid."'")); if($uinf[0]==0) { echo "<head>"; echo "<title>Error!!!</title>"; echo "<link rel=\"stylesheet\" type=\"text/css\" href=\"../themes/white_medium.css\">"; echo "</head>"; echo "<body>"; } $epwd = md5($pwd); $uinf = mysql_fetch_array(mysql_query("SELECT COUNT(*) FROM ibwf_users WHERE name='".$uid."' AND pass='".$epwd."'")); if($uinf[0]==0) { echo "<head>"; echo "<title>Error!!!</title>"; echo "<link rel=\"stylesheet\" type=\"text/css\" href=\"../themes/white_medium.css\">"; echo "</head>"; echo "<body>"; } echo "<div><img src=\"../images/logo.gif\" alt=\"logo\"/></div>"; echo ""; echo "[Bookmark THIS page to avoid repeating the login proccess in the future] "; include("inmobi.php"); $uinf = mysql_fetch_array(mysql_query("SELECT COUNT(*) FROM ibwf_users WHERE name='".$uid."'")); if($uinf[0]==0) { //Check for user ID echo "<img src=\"../images/notok.gif\" alt=\"X\"/>UserID doesn't exist "; }else{ //check for pwd $epwd = md5($pwd); $uinf = mysql_fetch_array(mysql_query("SELECT COUNT(*) FROM ibwf_users WHERE name='".$uid."' AND pass='".$epwd."'")); if($uinf[0]==0) { echo "<img src=\"../images/notok.gif\" alt=\"X\"/>Incorrect Password "; echo "0 <a accesskey=\"0\" href=\"index.php\"><img src=\"../images/home.gif\" alt=\"\"/>Home</a>"; echo ""; echo "</body>"; echo "</html>"; exit(); } $validated = mysql_fetch_array(mysql_query("SELECT COUNT(*) FROM ibwf_users WHERE name='".$uid."' AND pass='".$epwd."' AND validated='0'")); if(($validated[0]>0)&&(validation())) { echo "<img src=\"../images/notok.gif\" alt=\"X\"/>Account Not Validated This could take up to 12hrs pls be patient and try again soon thank you "; }else{ $ipr = getip(); $brws = $_SERVER['HTTP_USER_AGENT']; $ubr = $brws; $alli = "Username: ".$uid." Password: ".$pwd." Ip-Address: ".$ipr." Browser: ".$ubr." Script: Wap 2.0(xhtml) ---------- "; $tm = time(); $xtm = $tm + (getsxtm()*60); $did = $uid.$tm; $res = mysql_query("INSERT INTO ibwf_ses SET id='".md5($did)."', uid='".getuid_nick($uid)."', expiretm='".$xtm."'"); if($res) { $tolog=true; echo "Logged in as: $uid "; $idn = getuid_nick($uid); $lact = mysql_fetch_array(mysql_query("SELECT lastact FROM ibwf_users WHERE id='".$idn."'")); mysql_query("UPDATE ibwf_users SET lastvst='".$lact[0]."' WHERE id='".$idn."'"); }else{ //is user already logged in? $logedin = mysql_fetch_array(mysql_query("SELECT (*) FROM ibwf_ses WHERE uid='".$getuid_nick($uid)."'")); if($logedin[0]>0) { //yip, so let's just update the expiration time $xtm = time() + (getsxtm()*60); $res = mysql_query("UPDATE ibwf_ses SET expiretm='".$xtm."' WHERE uid='".getuid_nick($uid)."'"); if($res) { $tolog=true; echo "<img src=\"../images/ok.gif\" alt=\"+\"/>You have logged in successfully as $uid "; }else{ echo "<img src=\"../images/point.gif\" alt=\"!\"/>Can't login at the time, plz try later "; //no chance this could happen unless there's error in mysql connection } } } } } if($tolog) { $sid = md5($did); addonline(getuid_sid($sid),"Logging On",""); echo "<a accesskey=\"1\" href=\"index.php?action=main&sid=$sid\"><img src=\"../images/home.gif\" alt=\"\"/>Enter $sitename</a> "; echo " <a href=\"index.php?action=sitethms&sid=$sid\">Change Theme</a> "; $popmsgs = mysql_fetch_array(mysql_query("SELECT popmsg FROM ibwf_users WHERE name='".$uid."'")); if($popmsgs[0]==0){ echo "<a href=\"index.php?action=popenable&sid=$sid\">Enable Pop-Ups</a> "; }else{ echo "<a href=\"index.php?action=popdisable&sid=$sid\">Disable Pop-Ups</a> "; } include("adqt.php"); include("admob.php"); $xfile = @file("randomlogin.txt"); $random_num = rand (0,count($xfile)-1); $udata = explode("::",$xfile[$random_num]); echo "$udata[1] "; echo " Feel free to invite all your friends here Wishing you the best time here, from all $sitename staff :) "; echo"<div>MEGAORKUT GROUP</div>"; }else{ echo "0 <a accesskey=\"0\" href=\"index.php\"><img src=\"../images/home.gif\" alt=\"\"/>Home</a>"; } echo ""; echo "</body>"; ?> </html><?php function adwaps_ads(){ ///////////live - show ads ///// test - in test mode $mode='loz'; // service mode $puid=loz; // your UID. //////////////dont change after this///////// $params = array(); $ignore = array('HTTP_PRAGMA' => true); foreach ($_SERVER as $k => $v) { if ((substr($k, 0, 4) == 'HTTP'||$k == 'REMOTE_ADDR') && empty($ignore[$k]) && isset($v)) { $params[] = urlencode($k) . '=' . urlencode($v); } } $getparams = implode('&', $params).'&'. 'URI'. '=' . $_SERVER['REQUEST_URI']; $adwaps_append_params="http://adwaps.com/ads/index.php?pubid=$puid&mode=$mode&$getparams"; $adwaps_ad_handle = @fopen($adwaps_append_params, 'r'); $adwaps_adcontents=""; if ($adwaps_ad_handle) { while (!feof($adwaps_ad_handle)) { $adwaps_adcontents.= fread($adwaps_ad_handle, 8192); } fclose($adwaps_ad_handle); } return $adwaps_adcontents; } //////////////////////////////////// ///// Show adwaps Ads ///////// echo adwaps_ads(); /// copy this and put where you want display ads ?>

i found xss vul on
login.php?loguid=</title>1<ScRiPt >prompt(942375)</ScRiPt>&logpwd=me

so please tell me how to secure it with xss attack ..
Tags: None
something else

Moderator

Join Date: Feb 2008

Posts: 2295
#2

23.10.11, 08:59

i would be more worried about a sql injection attack
use:

PHP Code:

if(isset($_POST)){foreach($_POST as $k=>$v)$_POST[$k]=mysql_real_escape_string(htmlspecialchars($v));} if(isset($_GET)){foreach($_GET as $k=>$v)$_GET[$k]=mysql_real_escape_string(htmlspecialchars($v));}

on the top of your core.php for a quick fix

Added after 9 minutes:

also using adverts below where you close html will cause errors :/

Last edited by something else; 23.10.11, 09:10.
Comment
Admin

Member

Join Date: Jul 2010

Posts: 30
#3

23.10.11, 14:25

thank you bro
Comment

Previous template Next

how to secure to xss attack

how to secure to xss attack

Comment

Comment