
XSS, SQL injections: reminder

Joined Sep 26, 2015 · Likes 2 · #1
I must admit, some may find it sad that in 2015 you still have to remember to check for SQL injections and for XSS, but it is still a thing today. Because every time a community website comes out, there's a chance that it's a new webmaster who is not prepared, or who forgot that XSS and SQL injections existed, among other end-user attacks forcing you to use a token instead of leaving your infrastructure simple.

As a reminder, XSS is an attack where you submit content on a website, like on a forum or inside a comment form, and when this comment is published it is read by the browser. The problem is that if you don't take care to transform the < > of the HTML tags into something inoffensive like &lt; &gt;, the browser will execute it as if the comment was HTML. And if the user posts the tag, your website's safety is threatened.

On the other side, SQL injections happen because, when you add a comment to your database, you simply send a string to the SQL server. The problem is that strings are easily hackable when they are just separated by characters. The problem is that the user input can contain special characters like " & ', and basically they can inject arbitrary SQL requests just by doing so.

Do you think these attacks are alive or a thing of the past? Do you take care of that?
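The two mistakes the post describes, side by side with the usual fixes, as an added example that is not part of the original thread: the comment text is escaped before it is put into the page, and the INSERT is sent as a parameterised statement instead of a concatenated string. The sample comments are constructed; they contain only the characters the post mentions (an HTML tag and an apostrophe) and use an in-memory SQLite database.

```python
import html
import sqlite3

# Constructed sample comments (not from the thread): one with an HTML tag,
# one with an apostrophe, the two things the post warns about.
SAMPLE_COMMENTS = [
    "Nice post <b>thanks</b>",
    "I'm not sure this still matters",
]

def render_comment(comment: str) -> str:
    """Escape user content before it goes into an HTML page.

    html.escape turns < > & " ' into entities, so the browser shows the
    text instead of interpreting it as markup.
    """
    return "<p>" + html.escape(comment, quote=True) + "</p>"

def open_db() -> sqlite3.Connection:
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE comments (id INTEGER PRIMARY KEY, body TEXT)")
    return db

def insert_comment_unsafe(db: sqlite3.Connection, comment: str) -> None:
    """The pattern the post warns about: the comment is pasted into the SQL
    text, so a quote in the input changes the meaning of the statement."""
    db.execute("INSERT INTO comments (body) VALUES ('" + comment + "')")

def insert_comment_safe(db: sqlite3.Connection, comment: str) -> None:
    """Parameterised statement: the driver sends the value separately from
    the SQL text, so it is stored as-is whatever characters it contains."""
    db.execute("INSERT INTO comments (body) VALUES (?)", (comment,))

def try_insert(insert, comment: str) -> str:
    """Run one insert pattern on a fresh database and report what happened:
    'stored' (round-tripped unchanged), 'altered', or 'error' (SQL broke)."""
    db = open_db()
    try:
        insert(db, comment)
        stored = db.execute("SELECT body FROM comments").fetchone()[0]
        return "stored" if stored == comment else "altered"
    except sqlite3.Error:
        return "error"

if __name__ == "__main__":
    for c in SAMPLE_COMMENTS:
        print(render_comment(c), try_insert(insert_comment_unsafe, c),
              try_insert(insert_comment_safe, c))
```

The apostrophe alone is enough to break the concatenated INSERT, which is the same hole an attacker would use; the parameterised version stores it unchanged.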
 

kibria97 (New Member) · Joined Oct 18, 2015 · Likes 0 · #2
the recall, XSS is an attack where you submit content on a website, like on a forum or inside a comment form, and when this comment is published it is read by the browser. The problem is that if you don't take care to transform the < > of the HTML tags into something inoffensive like &lt; &gt;, the browser will execute it as if the comment was HTML. And if the user posts the tag, your website's safety is threatened.
 