I get messages asking, "How did you start? Where to start?" So here is the answer.

When I started, I had no idea what I was doing: how does an XSS happen, how does a SQLi vulnerability occur. So to understand all this, I built a simple web application on my own (using HTML, PHP and MySQL). The web application had a register page, a login page and a my account page.

At the register page people can register with a username, password and profile photo, so I basically took the input

    $username = $_POST['username'];

and echoed back the username on successful sign in, that is

    echo "welcome " . $username;

So if the username is akhil, it returned "welcome akhil". And if I gave an input of <script>alert(1)</script> in the place of the username, the web page echoed back with a successful alert pop-up.

Then I thought, how did this happen? Which made me do this: I changed the code to

    echo "welcome " . urlencode($username);

which basically means that <script> will be changed into %3Cscript%3E; all special characters were stripped, and I successfully protected my site from XSS.

The same username was echoed back again in my account page, which led to XSS again. Now the proper code which will fix XSS everywhere is

    $username = urlencode($_POST['username']);

The same thing for SQLi: I had to strip special characters.

So this is how I started learning things. Even now I do the same. But before all this you need to have the passion to succeed! My advice to all is: when you know how to build it, you will also know how to break it.
Posted on: Wed, 23 Jul 2014 18:04:41 +0000
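
An added example, not the post author's code: the register / welcome / my account flow from the post with the username stored unmodified, HTML-encoded with htmlspecialchars() at every place it is printed, and written to the database through bound parameters. The users table, the helper names and the in-memory SQLite database are assumptions made so the example runs offline; the post's application used MySQL.

```php
<?php
// Added example, not the post author's code. Assumes PHP 8 with pdo_sqlite;
// an in-memory SQLite table stands in for the post's MySQL users table.
declare(strict_types=1);

// Encode for an HTML text or quoted-attribute context, at the point of output.
function h(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

function register(PDO $db, string $username): void
{
    // Bound parameter: the value never becomes part of the SQL text.
    $stmt = $db->prepare('INSERT INTO users (username) VALUES (:u)');
    $stmt->execute([':u' => $username]);
}

function findUser(PDO $db, string $username): ?string
{
    $stmt = $db->prepare('SELECT username FROM users WHERE username = :u');
    $stmt->execute([':u' => $username]);
    $row = $stmt->fetchColumn();
    return $row === false ? null : (string) $row;
}

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT NOT NULL)');

// Constructed sample inputs: a plain name, a name with an apostrophe,
// and the script payload from the post.
$samples = ['akhil', "O'Brien & co", '<script>alert(1)</script>'];

foreach ($samples as $name) {
    register($db, $name);              // stored unmodified
    $stored = findUser($db, $name);    // round-trips exactly, quote included

    // Every page that prints the value (welcome page, my account page) encodes it.
    echo 'html      : welcome ' . h($stored) . PHP_EOL;
    // urlencode() is for URL components; as page text it alters ordinary names.
    echo 'urlencode : welcome ' . urlencode($stored) . PHP_EOL;
}
```

Run from the command line, the two output lines per sample show the difference: the HTML-encoded form renders in a browser as the name the user typed, while the URL-encoded form displays percent escapes for names such as O'Brien & co.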
