I'm testing my own web page with the following vulnerabilities.
1:
The form escapes ' to \'.
So if a user tries to enter the following information:
  username: 'or'1=1
  password: m
the username will actually look like \'or\'1=1
2:
Script tags are allowed.
So if a user tries to enter:
  username: <script>alert(0)</script>
  password: m
then a dialog box will pop up with 0.
I'm wondering whether the first method is truly secure against SQLi. I know there are things about handling comments, but is this a good way to handle the single quote?
Also, for the second vulnerability, what can a malicious user do in this case? I'm aware of XSS attacks, but I thought those were done via the URL. Is this really a big security flaw?
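An added illustration of the first point, not part of the question above: escaping only the single quote leaves two gaps. Under MySQL's backslash convention (which is what the form's \' implies; SQLite and standard SQL use a doubled '' instead), an input that starts with a backslash gets rewritten to \\' , which MySQL reads as an escaped backslash followed by the closing quote, so the attacker is out of the string again. And in an unquoted context, such as a numeric id, there is no quote to escape in the first place. The snippet below is written for this illustration and is not the page author's code; mysql_literal_end is a small hypothetical helper that mimics MySQL's string-literal rules, and the users table and its two rows are constructed sample data. The parameterized queries at the end are the fix: the driver sends the value separately from the SQL text, so it is compared, never parsed.

```python
import sqlite3


def page_escape(value: str) -> str:
    """The escaping the form in the question applies: only ' becomes \\'.
    The backslash itself is left untouched, which is the weakness."""
    return value.replace("'", "\\'")


def mysql_literal_end(sql: str, start: int) -> int:
    """Index just past the single-quoted literal opening at sql[start],
    following MySQL's rules: a backslash escapes the next character and ''
    is an embedded quote. Hypothetical helper written for this example only;
    it is not a real SQL parser."""
    if sql[start] != "'":
        raise ValueError("no literal at start")
    i = start + 1
    while i < len(sql):
        c = sql[i]
        if c == "\\":
            i += 2                      # escaped character stays inside
        elif c == "'":
            if i + 1 < len(sql) and sql[i + 1] == "'":
                i += 2                  # doubled quote stays inside
            else:
                return i + 1            # closing quote
        else:
            i += 1
    raise ValueError("unterminated literal")


def mysql_username_literal(username: str) -> str:
    """Build the WHERE clause the way the question's form does and return the
    part MySQL would actually treat as the username literal. Anything after
    it is executed as SQL."""
    sql = "SELECT * FROM users WHERE username='" + page_escape(username) + "'"
    start = sql.index("'")
    return sql[start:mysql_literal_end(sql, start)]


def make_db() -> sqlite3.Connection:
    """In-memory users table with two constructed sample rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT, password TEXT)"
    )
    conn.executemany(
        "INSERT INTO users (id, username, password) VALUES (?, ?, ?)",
        [(1, "admin", "hunter2"), (2, "bob", "m")],
    )
    return conn


def usernames_by_id_concat(conn: sqlite3.Connection, user_id: str) -> list:
    """Unquoted numeric context built by concatenation: quote escaping does
    nothing here because the input never sits inside a quoted literal."""
    sql = "SELECT username FROM users WHERE id = " + page_escape(user_id) + " ORDER BY id"
    return [row[0] for row in conn.execute(sql)]


def usernames_by_id_param(conn: sqlite3.Connection, user_id: str) -> list:
    """Same lookup with a bound parameter: the value is compared, not parsed."""
    rows = conn.execute(
        "SELECT username FROM users WHERE id = ? ORDER BY id", (user_id,)
    )
    return [row[0] for row in rows]


def login_param(conn: sqlite3.Connection, username: str, password: str) -> bool:
    """The login check done properly, with both values bound as parameters."""
    row = conn.execute(
        "SELECT 1 FROM users WHERE username = ? AND password = ?",
        (username, password),
    ).fetchone()
    return row is not None


if __name__ == "__main__":
    print(mysql_username_literal("'or'1=1"))          # whole value stays a literal
    print(mysql_username_literal("\\' OR 1=1 -- "))   # literal ends after \\ ; rest is SQL
    db = make_db()
    print(usernames_by_id_concat(db, "2 OR 1=1"))     # every user
    print(usernames_by_id_param(db, "2 OR 1=1"))      # nothing: no id equals that string
    print(login_param(db, "'or'1=1", "m"))            # False
```

Running it shows the question's own payload 'or'1=1 really is neutralised by the \' escaping, while \' OR 1=1 -- breaks out, and the numeric lookup needs no quote at all. Whether comments are also handled is beside the point once the query is parameterized.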
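An added illustration of the second point, again not part of the question: a username that is saved with a script tag and then written into a page without encoding is stored XSS, and it needs no crafted URL, because the payload sits in the database and runs for every visitor who views the page that prints it. The snippet below is example code written here, not the page author's; the two payloads are constructed. It also goes one step past the question to show why stripping <script> tags is not the fix: in an attribute context a value can close the quote and add an event handler with no tag at all, whereas output encoding for the context (html.escape from the standard library, with quotes encoded) handles both cases.

```python
import html
import re

# Constructed payloads for this demonstration.
SCRIPT_PAYLOAD = "<script>alert(0)</script>"
ATTR_PAYLOAD = '" autofocus onfocus="alert(0)'

# A naive "script tags not allowed" filter.
SCRIPT_TAG = re.compile(r"</?script[^>]*>", re.IGNORECASE)


def render_greeting_unsafe(username: str) -> str:
    """What the page in the question does: the stored username is written
    into the HTML verbatim, so a <script> saved at signup runs for every
    viewer of this page (stored XSS)."""
    return "<p>Welcome, " + username + "</p>"


def render_greeting_safe(username: str) -> str:
    """Encode for the HTML text context so the browser displays the
    characters instead of parsing them as markup."""
    return "<p>Welcome, " + html.escape(username) + "</p>"


def render_input_filtered(username: str) -> str:
    """A common half-fix: strip <script> tags, then splice the value into an
    attribute. The attribute payload contains no tag, so it survives the
    filter, closes value="" and adds an onfocus handler of its own."""
    cleaned = SCRIPT_TAG.sub("", username)
    return '<input type="text" name="username" value="' + cleaned + '">'


def render_input_safe(username: str) -> str:
    """Attribute context: quotes must be encoded as well. html.escape does
    this with quote=True (its default), so the value can never end early."""
    encoded = html.escape(username, quote=True)
    return '<input type="text" name="username" value="' + encoded + '">'


if __name__ == "__main__":
    print(render_greeting_unsafe(SCRIPT_PAYLOAD))   # script executes in every viewer's browser
    print(render_greeting_safe(SCRIPT_PAYLOAD))     # shown as text
    print(render_input_filtered(ATTR_PAYLOAD))      # filter passed, handler injected anyway
    print(render_input_safe(ATTR_PAYLOAD))          # stays inside the attribute value
```

So the answer to "is this really a big flaw" is that anything JavaScript can do on that page as the logged-in viewer (read the DOM, submit forms with the viewer's session, load further script from elsewhere) the stored payload can do, and the fix is encoding on output for the context the value lands in, not rejecting one tag on input.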