
I have a web application written in PHP. The templating engine is SMARTY. My question is very simple, yet the answer should not be that easy, because I searched the hell out of it to no avail.

When I telnet to port 80 and run the following command:

GET /some_directory_on_my_server/?""><SCRIPT>alert(123)</SCRIPT>

The server responds with an HTML page. When I save this HTML page and open it in a browser I see alert(123) on top of the page, which means that the site is vulnerable to Cross-Site Scripting (XSS).

My question is how can I access the actual URL entered by the user in order to sanitize it? When it comes to user input sanitization for forms or database queries, the scenario seems to be much easier, because you actually have a variable on hand to manipulate, but in the case of the actual URL entered by the user in a browser, how can I get hold of the URL itself to sanitize it?

For your information, I have already read all modules which provide library functions for XSS prevention, but none gives me an example of how to deal with an actual URL XSS attack. By the way, magic_quotes_gpc in my PHP configuration is already turned off. What should I do now? Any thoughts?
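Added example (not code from the question or any answer): reading the request URL in PHP and escaping it for the HTML context at output time, first in plain PHP and then through Smarty. It assumes PHP 7+, Smarty 3.1+ and a hypothetical template name page.tpl; the output values in comments are what htmlspecialchars produces for the URL shown above.

```php
<?php
// Added example, not from the original post. Assumes PHP 7+ and Smarty 3.1+.
// The raw request target exactly as the client sent it, e.g.
//   /some_directory_on_my_server/?""><SCRIPT>alert(123)</SCRIPT>
// ($_SERVER['PHP_SELF'] and $_SERVER['QUERY_STRING'] carry the same risk.)
$requestUri = $_SERVER['REQUEST_URI'] ?? '/';

// VULNERABLE pattern: the value lands in the HTML unchanged, so the quote
// closes the attribute and the <SCRIPT> tag runs in the browser.
//   echo '<a href="' . $requestUri . '">this page</a>';

// SAFE pattern: escape for the HTML context at the moment of output.
// ENT_QUOTES covers both quote styles so the value is safe inside an
// attribute; ENT_SUBSTITUTE and the explicit charset stop malformed
// multibyte input from surviving the encoding step.
function h(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

echo '<a href="' . h($requestUri) . '">this page</a>';
// Renders as:
// <a href="/some_directory_on_my_server/?&quot;&quot;&gt;&lt;SCRIPT&gt;alert(123)&lt;/SCRIPT&gt;">this page</a>

// With Smarty, apply the same escaping at the template boundary so the
// browser only ever sees encoded text. page.tpl is a hypothetical template
// containing: <a href="{$current_url}">this page</a>
require_once 'Smarty.class.php';
$smarty = new Smarty();
$smarty->escape_html = true;                 // Smarty 3.1+: auto-escape every {$var}
$smarty->assign('current_url', $requestUri); // keep the raw value; escape on output
$smarty->display('page.tpl');
// Without escape_html, write {$current_url|escape:'html'} in the template instead.
```

The point is that the URL does not need to be "sanitized" at the input side; it is stored raw and every place that prints it into HTML encodes it for that context.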
