anti-XSS system (4)
Date 2006-06-25 18:20:31 | Category: PHP
This is the last chapter of BigUmbrella. The code in (3) leaves two points open for discussion.
- Is the check pattern sufficient?
preg_match('/[<\'"].{15}/s', $val, $regs)
<img src="(REQUEST)" /> <a href="(REQUEST)">
Even with this pattern in place, the check is not enough, because a "java-script:" attack (a `javascript:` URL scheme placed in an attribute value) gets past it: in the `src` or `href` context above the payload needs none of `<`, `'` or `"`, so the pattern never matches. Thus, you should add a "java-script:" checker to the code of (3).
- Is it enough to check POST and GET?
Checking COOKIE makes no sense, because a contaminated COOKIE means the user has already been exploited.
Rather than cookie, you should add $_SERVER to the checker. Don't forget to include $_SERVER['PHP_SELF'], $_SERVER['PATH_INFO'] and $_SERVER['PATH_TRANSLATED'], at least.
And don't forget that BigUmbrella only protects against XSS attacks. BigUmbrella can do nothing about a ScriptInsertion attack.
You should learn that XSS and ScriptInsertion are different attacks.
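The two points above, put together as an added example (this is not BigUmbrella's own code): a request scanner that applies the pattern quoted in this post, adds the missing `javascript:` scheme check, and covers the three $_SERVER keys in addition to GET and POST. The function names, the whitespace normalization in the scheme check, and the sample request values are assumptions made for this example.

```php
<?php
// Added example, not part of BigUmbrella. Scans request data for the
// pattern from (3) plus a javascript: scheme check, including $_SERVER.

// Pattern quoted in the post: a <, ' or " followed by at least 15 more characters.
const BIGUMBRELLA_PATTERN = '/[<\'"].{15}/s';

// $_SERVER keys the post says must be checked at least.
const SERVER_KEYS = ['PHP_SELF', 'PATH_INFO', 'PATH_TRANSLATED'];

// Assumption for this example: the scheme check is case-insensitive and
// ignores ASCII control characters and whitespace before and inside the
// scheme name, so the value is compared in a normalized form.
function has_script_scheme(string $val): bool
{
    $normalized = preg_replace('/[\x00-\x20]+/', '', $val);
    return preg_match('/^javascript:/i', $normalized) === 1;
}

// A value is suspicious if either checker fires.
function is_suspicious(string $val): bool
{
    return preg_match(BIGUMBRELLA_PATTERN, $val) === 1 || has_script_scheme($val);
}

// Returns a list of "SOURCE[key]" labels for every suspicious value.
// The arrays are passed in explicitly so the scanner can be run on
// constructed data as well as on $_GET, $_POST and $_SERVER.
function scan_request(array $get, array $post, array $server): array
{
    $hits = [];
    foreach (['GET' => $get, 'POST' => $post] as $source => $vars) {
        foreach ($vars as $key => $val) {
            if (is_string($val) && is_suspicious($val)) {
                $hits[] = sprintf('%s[%s]', $source, $key);
            }
        }
    }
    foreach (SERVER_KEYS as $key) {
        if (isset($server[$key]) && is_string($server[$key]) && is_suspicious($server[$key])) {
            $hits[] = sprintf('SERVER[%s]', $key);
        }
    }
    return $hits;
}

// Constructed sample request (not real traffic).
$sampleGet = [
    'q'   => 'umbrella',                         // benign
    'img' => 'javascript:alert(1)',              // no < ' " so the pattern misses it
];
$samplePost = [
    'comment' => '<script>alert(1)</script>',   // caught by the original pattern
];
$sampleServer = [
    'PHP_SELF'        => '/index.php/"><script>alert(1)</script>',
    'PATH_INFO'       => '/"><script>alert(1)</script>',
    'PATH_TRANSLATED' => '/var/www/index.php', // benign
];

foreach (scan_request($sampleGet, $samplePost, $sampleServer) as $hit) {
    echo "suspicious input in $hit\n";
}
```

In the sample data the `img` parameter is the case the post warns about: the original pattern does not match it because it contains none of `<`, `'` or `"`, and only the scheme check flags it. The `comment`, `PHP_SELF` and `PATH_INFO` values contain a quote or angle bracket followed by more than 15 characters and are caught by the original pattern, while `q` and `PATH_TRANSLATED` pass both checks. To use the scanner on a live request, call `scan_request($_GET, $_POST, $_SERVER)`.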