It is impossible to tell without seeing your actual code flow.
However, it is likely that this is an actual vulnerability - Stored XSS results from pulling untrusted data from the database, and sending it straight to the web page output without any sanitization or encoding. It is highly probable your code has this issue.
In short, this can be exploited by an attacker by inserting valid, yet malicious, data into the database (through your regular input forms). When another user browses the application, and accesses these records, the application pulls that data out, and injects it into the victim's web page - creating a script injection (aka cross-site scripting) vulnerability.
Of course this allows an attacker to control another user's browser, via your application...
To fix it, simply encode all dynamic output, regardless of the source of data, before inserting it into the webpage. Note this must be done according to the specific context (e.g. HTML encoding for HTML, attribute encoding for HTML attribute values, JavaScript encoding for dynamically creating JavaScript in PHP, etc.)
For more info see this article on OWASP's wiki.
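The context-specific encoding described in the answer above, as an added example that is not part of the original answer or the asker's code. The `$row` array stands in for a database record and its values are constructed; `h()` and `js()` are hypothetical helper names.

```php
<?php
declare(strict_types=1);

// Constructed sample: a row as it might come back from the database.
// The values were accepted by a normal input form and stored unchanged.
$row = [
    'name'    => 'Alice "Al" <b>O\'Neil</b>',
    'comment' => '</script><script>alert(1)</script>',
];

// Encoder for HTML element content and for quoted attribute values.
// ENT_QUOTES covers both " and ', so the value cannot end the attribute.
function h(string $s): string
{
    return htmlspecialchars($s, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Encoder for a value placed inside a <script> block: a JSON string with
// <, >, &, ' and " hex-escaped, so the data cannot close the script
// element or break out of the string literal.
function js(string $s): string
{
    return json_encode(
        $s,
        JSON_HEX_TAG | JSON_HEX_AMP | JSON_HEX_APOS | JSON_HEX_QUOT | JSON_THROW_ON_ERROR
    );
}

// Before: stored data goes straight into the page (the stored XSS pattern).
$unsafe = '<p>' . $row['comment'] . '</p>';

// After: each value is encoded for the context it lands in.
$safe = '<p>' . h($row['comment']) . '</p>' . "\n"
      . '<input type="text" name="name" value="' . h($row['name']) . '">' . "\n"
      . '<script>var comment = ' . js($row['comment']) . ';</script>';

echo "--- unencoded ---\n", $unsafe, "\n--- encoded ---\n", $safe, "\n";
```

Unquoted attribute values and values written into URLs or CSS are separate contexts that these two helpers do not cover.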