Какие всевозможные обходы фильтров от xss существуют?

Discussion in 'Уязвимости' started by $eI<Tor, 23 Jan 2014.

  1. $eI<Tor

    $eI<Tor New Member

    Joined:
    18 Jan 2014
    Messages:
    21
    Likes Received:
    0
    Reputations:
    0
    Какие всевозможные обходы фильтров от xss существуют? В частности интересует возможен ли обход htmlspecialchars()! Кто что подскажет?
     
  2. Zed0x

    Zed0x Member

    Joined:
    4 Jun 2012
    Messages:
    114
    Likes Received:
    29
    Reputations:
    23
  3. DeepBlue7

    DeepBlue7 Elder - Старейшина

    Joined:
    2 Jan 2009
    Messages:
    359
    Likes Received:
    50
    Reputations:
    12
    Всё от конкретного случая зависит...
     
  4. $eI<Tor

    $eI<Tor New Member

    Joined:
    18 Jan 2014
    Messages:
    21
    Likes Received:
    0
    Reputations:
    0
    ну например вот конкретный случай!

    htmlspecialchars($_GET['name']);Что мне нужно отправить в name, чтобы обойти?
     
  5. lіgendо

    lіgendо Banned

    Joined:
    5 Nov 2013
    Messages:
    12
    Likes Received:
    2
    Reputations:
    0
    забей
     
  6. $eI<Tor

    $eI<Tor New Member

    Joined:
    18 Jan 2014
    Messages:
    21
    Likes Received:
    0
    Reputations:
    0
    Почему? Что не возможно обойти?
     
  7. psihoz26

    psihoz26 Members of Antichat

    Joined:
    22 Nov 2010
    Messages:
    546
    Likes Received:
    159
    Reputations:
    324
    Попробуй через post
     
  8. $eI<Tor

    $eI<Tor New Member

    Joined:
    18 Jan 2014
    Messages:
    21
    Likes Received:
    0
    Reputations:
    0
    конкретней можно?
     
  9. $eI<Tor

    $eI<Tor New Member

    Joined:
    18 Jan 2014
    Messages:
    21
    Likes Received:
    0
    Reputations:
    0
    там через пост никак!!((
     
Loading...