XSS related attack.


I have started to study sessions and, as I understood, it works in the
following way:

Let us consider two files, first.php and second.php. By clicking on a
link in the file first.php, the user passes to the file second.php. We want
PHP programs in second.php to be able to see the values of variables which
have been set in first.php. It can be done in the following way:
   · Both files have to start with session_start();.
   · Variables whose values are set in first.php and have to be
seen in second.php have to be declared as session_register(
"variable_name" ); (before the value of the variable is set).
   · In the place in first.php where we make the link to second.php we
need to write second.php?.SID (instead of second.php). In this case
values of variables can be passed from first.php to second.php even if
the user prohibits saving cookies.

As I understood, it is better to replace SID with strip_tags(SID). In this
case one can avoid an XSS-related attack. But I do not know what this
attack is and what strip_tags does.
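
An added example, not part of the posts in this thread: it builds the second.php link from a session query string in three ways (as-is, through strip_tags(), and through htmlspecialchars()) so the outputs can be compared. The variable $sid stands in for the SID constant, the sample values are constructed, and the function names are hypothetical.

```php
<?php
// Added example. $sid stands in for the SID constant ("name=id");
// the sample values below are constructed for illustration.

// Per the session_id() documentation, valid ID characters are
// a-z, A-Z, 0-9, ',' and '-'. Anything else is not a normal session ID.
function sid_is_well_formed(string $sid): bool {
    return preg_match('/\A[A-Za-z0-9]+=[A-Za-z0-9,-]+\z/', $sid) === 1;
}

// Link built with the value written into the page as-is.
function link_raw(string $sid): string {
    return '<a href="second.php?' . $sid . '">next</a>';
}

// strip_tags() removes anything that looks like an HTML or PHP tag,
// but it leaves quotes and '&' untouched.
function link_strip_tags(string $sid): string {
    return '<a href="second.php?' . strip_tags($sid) . '">next</a>';
}

// htmlspecialchars() encodes < > & " ' so the whole value stays
// inside the href="..." attribute as plain text.
function link_escaped(string $sid): string {
    $safe = htmlspecialchars($sid, ENT_QUOTES, 'UTF-8');
    return '<a href="second.php?' . $safe . '">next</a>';
}

$samples = [
    'normal'    => 'PHPSESSID=3f2a9c0d1e',
    'markup'    => 'PHPSESSID=x"><b>injected</b>',
    'attribute' => 'PHPSESSID=x" title="injected',
];

foreach ($samples as $label => $sid) {
    $ok = sid_is_well_formed($sid) ? 'yes' : 'no';
    echo "== $label (well-formed: $ok) ==\n";
    echo 'raw:        ', link_raw($sid), "\n";
    echo 'strip_tags: ', link_strip_tags($sid), "\n";
    echo 'escaped:    ', link_escaped($sid), "\n\n";
}
```

Run it with the PHP command-line interpreter and compare the three lines for each sample: the well-formed value is identical in all three, while the other two show which characters each function leaves in the attribute.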

Re: XSS related attack.

opt_inf_env@yahoo.com wrote: