CGX#11: Cross Site Scripting
Name: CGX#11: Cross Site Scripting
Tags: Training, CGX, Exploit
Score: 0
Description: Hello future Hackers, In this tutorial you will learn a tiny bit about XSS. There is a little training challenge waiting for you, which we will discuss in the video. You can see the source of the vulnerable application under mask1.code. You can play with it a bit, like we did in the video, and the solution is the name of the PHP function that you can use to display user input safely. Greetings - gizmore and x
Theory
So this one's a little PHP problem (PHP is a pretty cool language, I know), and it's about Cross-Site Scripting (XSS). XSS happens when you echo user input back into a page without sanitizing it, which lets users inject their own HTML or JavaScript. In PHP, one of the easiest ways to prevent XSS is the htmlspecialchars() function, which converts special characters such as <, >, " and & into their HTML entities (&lt;, &gt;, &quot; and &amp;), so any HTML tags in the input are shown by the browser as plain text instead of being executed as actual HTML. That means that by using htmlspecialchars() you can let users create content without introducing XSS vulnerabilities.
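The following is an added example written for this writeup, not the challenge's own mask1.code. It shows the same echo written once without escaping and once with htmlspecialchars(); the $name variable stands in for user-controlled input such as $_GET['name'], and the sample value is constructed for the demonstration.

```php
<?php
// Added example (not the challenge source): the unsafe and the safe way to
// put user input into an HTML response. $name is assumed to come from the
// request, e.g. $_GET['name'].

/** Vulnerable: the raw input lands in the HTML, so tags in it are rendered. */
function render_unsafe(string $name): string
{
    return "<p>Hello, " . $name . "</p>";
}

/** Safe for HTML text content: <, >, &, " and ' become entities first. */
function render_safe(string $name): string
{
    // ENT_QUOTES also converts single quotes, which matters inside
    // single-quoted attribute values; the charset must match the page's.
    $escaped = htmlspecialchars($name, ENT_QUOTES | ENT_HTML5, 'UTF-8');
    return "<p>Hello, " . $escaped . "</p>";
}

/** Safe for a double-quoted attribute value: same escaping, used in place. */
function render_safe_attr(string $name): string
{
    $escaped = htmlspecialchars($name, ENT_QUOTES | ENT_HTML5, 'UTF-8');
    return '<input type="text" name="name" value="' . $escaped . '">';
}

// Constructed sample of what a hostile ?name= parameter could contain.
$name = '<script>alert(1)</script>';

echo render_unsafe($name), PHP_EOL;
echo render_safe($name), PHP_EOL;
echo render_safe_attr($name), PHP_EOL;
```

The first line of output still contains the literal `<script>` tag, which a browser would execute; the second and third contain `&lt;script&gt;alert(1)&lt;/script&gt;`, which the browser displays as text. One caveat a practitioner should keep in mind: htmlspecialchars() is the right tool for HTML text and quoted attribute values only. Input placed inside a `<script>` block, a JavaScript event handler, a URL, or CSS needs encoding appropriate to that context, and HTML entities alone will not make it safe there.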
Solution
So now that we know what function they're talking about, we'll put the name of the function here (without the parentheses), and check if we were right:
Answer: htmlspecialchars
WeChall: Your answer is correct!
I voted this level as:
Diff: 05 Ed: 10 Fun: 08
https://wechall.net/en/challenge/codegeex/02_00_encodings/02_40_ascii/index.php