---
layout: slides
title: Security
scripts: [ ./script.js ]
styles: [ ../reveal.js/theme/blood.css, ../reveal.js/zenburn.css, ./style.css ]
---

XSS Injections

Noah Loomans
67B0 295A C271 345D 0706 4B9B 8B23 75F3 B367 DF6D

Cross Site Scripting

Sample Code


<?php

$sql = "SELECT comment FROM comments";
$result = $conn->query($sql);

// output data of each row
// the comment is written straight into the page, so any HTML in it is rendered
while($row = $result->fetch_assoc()) {
    echo $row["comment"] . "<br>";
}

?>
			

What if I enter <b>hello</b>?


<p class="comments">
This sucks<br>
First!<br>
<b>hello</b><br>
</p>
			

<script>

Sample Code


<?php

$sql = "SELECT comment FROM comments";
$result = $conn->query($sql);

// output data of each row, escaping each comment so the browser shows it
// as text instead of interpreting it as HTML
while($row = $result->fetch_assoc()) {
    echo htmlspecialchars($row["comment"], ENT_QUOTES, 'UTF-8') . "<br>";
}

?>
      

Source: w3schools

htmlspecialchars replaces the characters that can change the meaning of HTML:

& -> &amp;
< -> &lt;
> -> &gt;
" -> &quot;
' -> &#039;
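The two comment loops from the previous slides, ported to JavaScript so they can be run offline in Node. This is an added example, not code from the slides or from w3schools: the comment rows are constructed sample data, `escapeHtml` is a hand-written equivalent of PHP's `htmlspecialchars($s, ENT_QUOTES)`, and the `<script>` comment stands in for whatever a visitor might post.

```javascript
// Constructed sample rows, standing in for the result of
// SELECT comment FROM comments. The last one is a hostile comment.
const comments = [
  "This sucks",
  "First!",
  "<b>hello</b>",
  "<script>alert(document.cookie)</script>",
];

// Equivalent of PHP htmlspecialchars($s, ENT_QUOTES): the five characters
// that can break out of HTML text or a quoted attribute value.
function escapeHtml(s) {
  const map = {
    "&": "&amp;",
    "<": "&lt;",
    ">": "&gt;",
    '"': "&quot;",
    "'": "&#039;",
  };
  return String(s).replace(/[&<>"']/g, (ch) => map[ch]);
}

// The vulnerable loop: echo $row["comment"] . "<br>";
// whatever the visitor typed becomes part of the page's markup.
function renderVulnerable(rows) {
  return rows.map((c) => c + "<br>").join("");
}

// The fixed loop: echo htmlspecialchars($row["comment"]) . "<br>";
// the visitor's text is shown literally, tags and all.
function renderEscaped(rows) {
  return rows.map((c) => escapeHtml(c) + "<br>").join("");
}

// Does the output contain a real <script> start tag, as opposed to the
// harmless text "&lt;script&gt;"? Used here to show the difference.
function containsScriptTag(html) {
  return /<script\b/i.test(html);
}

console.log("vulnerable:", renderVulnerable(comments));
console.log("escaped:   ", renderEscaped(comments));
```

Note that this escaping is correct only when the comment ends up in HTML text or inside a quoted attribute. Data placed inside a `<script>` block, a URL, or a CSS value needs the escaping rules of that context instead.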

https://hack-challange-nloomans.c9users.io/