anti-XSS system (4)

Date 2006-06-25 18:20:31 | Category: PHP

This is the last chapter of BigUmbrella.
The code in (3) has two points that should be discussed.

- Is the check pattern OK?

preg_match('/[<\'"].{15}/s', $val, $regs)


<img src="(REQUEST)" />
<a href="(REQUEST)">

If a template contains either of these patterns, the check above is not enough.
A "java-script:" URL (the javascript: scheme) placed in the request value needs neither "<" nor a quote, so it passes the pattern and the attack still works.
Thus, you should add a "java-script:" checker to the code of (3).

- Is it enough to check POST and GET?

Checking $_COOKIE makes little sense, because a contaminated cookie means the user has already been exploited.

Rather than cookies, you should add $_SERVER to the checker.
Don't forget to include at least $_SERVER['PHP_SELF'], $_SERVER['PATH_INFO'] and $_SERVER['PATH_TRANSLATED'].
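The two additions recommended above (a "java-script:" scheme check next to the original pattern, and scanning the listed $_SERVER keys besides GET and POST), as an added example that is not BigUmbrella's own code; the function names, the result structure and the sample request values are assumptions for illustration:

```php
<?php
// Added example (not BigUmbrella's own code). Function names, the hit
// structure and the sample request below are assumptions for illustration.

function bigumbrella_check_value($name, $val, &$hits)
{
    if (is_array($val)) {                       // nested request arrays
        foreach ($val as $k => $v) {
            bigumbrella_check_value($name . '[' . $k . ']', $v, $hits);
        }
        return;
    }
    $val = (string) $val;
    // Original pattern from (3): a tag start or a quote followed by 15 more chars.
    if (preg_match('/[<\'"].{15}/s', $val)) {
        $hits[] = array('key' => $name, 'reason' => 'tag or quote');
    }
    // Extra check from this post: a javascript: URL needs neither '<' nor a quote,
    // so it passes the pattern above when the value lands in src="..." or href="...".
    // Case-insensitive; whitespace before the colon is tolerated.
    if (preg_match('/javascript\s*:/i', $val)) {
        $hits[] = array('key' => $name, 'reason' => 'javascript: scheme');
    }
}

function bigumbrella_scan(array $get, array $post, array $server)
{
    $hits = array();
    foreach (array('GET' => $get, 'POST' => $post) as $src => $arr) {
        foreach ($arr as $k => $v) {
            bigumbrella_check_value($src . '.' . $k, $v, $hits);
        }
    }
    // Cookies are skipped on purpose (see the text above); these $_SERVER
    // keys are echoed by many templates and must be checked at least.
    foreach (array('PHP_SELF', 'PATH_INFO', 'PATH_TRANSLATED') as $k) {
        if (isset($server[$k])) {
            bigumbrella_check_value('SERVER.' . $k, $server[$k], $hits);
        }
    }
    return $hits;
}

// Constructed sample request for a stand-alone run (not real traffic).
$sample_get    = array('img' => 'JavaScript:void(0)', 'q' => 'hello');
$sample_server = array('PHP_SELF' => '/index.php/"><b>test-marker-1</b>');
foreach (bigumbrella_scan($sample_get, array(), $sample_server) as $h) {
    echo $h['key'], ': ', $h['reason'], "\n";
}
```

In a real deployment the call would be `bigumbrella_scan($_GET, $_POST, $_SERVER)`; the sample `img` value is caught only by the scheme check, which is exactly the gap the post describes.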


And don't forget that BigUmbrella only protects against XSS attacks.
BigUmbrella can do nothing against a ScriptInsertion attack.

You should understand that XSS and ScriptInsertion are different attacks.





You can read more news at PEAK XOOPS.
http://xoops.peak.ne.jp

The URL for this story is:
http://xoops.peak.ne.jp/md/news/index.php?page=article&storyid=129