[nycphp-talk] User Input Data scrubbing

Ben Sgro ben at projectskyline.com
Sun Nov 30 11:35:03 EST 2008


Hello,

Try: http://ha.ckers.org/xss.html

- Ben

Konstantin Rozinov wrote:
> Does anyone know where I can find a list of sample MALICIOUS data that
> I can input into my forms to see how the code reacts?
> I'm not looking for any automation or program, just the actual sample
> data. I'm trying to do QA on my code.
>
> Any help would be greatly appreciated. Thanks.
>
>
>
> On Sat, Nov 29, 2008 at 12:12 AM, Elijah Insua <tmpvar at gmail.com> wrote:
>   
>> Yeah, or these two words: "Filter Input"
>>
>> Whichever route you take, you also need to do SQL injection cleansing.
>>
>> scrub, rinse, repeat.
>>
>> On Fri, Nov 28, 2008 at 8:00 PM, Chris Shiflett <shiflett at php.net> wrote:
>>     
>>> On Nov 28, 2008, at 16:59, Michele Waldman wrote:
>>>
>>>       
>>>> What about inserting a comment
>>>>
>>>> <script>alert('hi');</script>'; delete from users;
>>>>
>>>> Like I'm going to name my table users?
>>>>
>>>> With that one statement they have performed a SQL injection and
>>>> HTML injection in one stroke.
>>>>
>>>> Bada bing bada bang bada boom
>>>>
>>>> Next time I display their comment out of the database they are popping up
>>>> an alert to every user and my users are gone.
>>>>
>>>> Michele
>>>>         
>>> Two words: escape output
>>>
>>> --
>>> Chris Shiflett
>>> http://shiflett.org/
>>>
>>>
>>>
>>>
>>> _______________________________________________
>>> New York PHP User Group Community Talk Mailing List
>>> http://lists.nyphp.org/mailman/listinfo/talk
>>>
>>> http://www.nyphp.org/show_participation.php
>>>       
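The "filter input" and "escape output" advice from the thread, applied to Michele's sample comment. This is an added example, not code from any of the posters; it assumes PHP with PDO's SQLite driver and the mbstring extension, and uses an in-memory database so it runs stand-alone.

```php
<?php
// Added example (not from the thread): filter input, parameterise SQL, escape output.
declare(strict_types=1);

$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE comments (id INTEGER PRIMARY KEY, body TEXT NOT NULL)');
$pdo->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT NOT NULL)');
$pdo->exec("INSERT INTO users (name) VALUES ('alice')");

// The sample string quoted in the thread, as it would arrive in $_POST['comment'].
$submitted = "<script>alert('hi');</script>'; delete from users;";

// Step 1: filter input. A comment is free text, so the check is about shape
// (non-empty, within a length limit, valid UTF-8), not about guessing bad tags.
function filterComment(string $raw): ?string {
    $raw = trim($raw);
    if ($raw === '' || !mb_check_encoding($raw, 'UTF-8') || mb_strlen($raw, 'UTF-8') > 2000) {
        return null;
    }
    return $raw;
}

// Step 2: parameterise the SQL. The comment travels as a bound value, never as part
// of the statement text, so the trailing "'; delete from users;" is stored as data.
function storeComment(PDO $pdo, string $body): void {
    $stmt = $pdo->prepare('INSERT INTO comments (body) VALUES (:body)');
    $stmt->execute([':body' => $body]);
}

// Step 3: escape output for the context it lands in (HTML body here). The stored
// text is unchanged; the browser receives &lt;script&gt; and shows it literally.
function renderComment(string $body): string {
    return '<p>' . htmlspecialchars($body, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8') . '</p>';
}

$comment = filterComment($submitted);
if ($comment !== null) {
    storeComment($pdo, $comment);
}

// Check: the users table survived, and the rendered HTML carries no live <script> tag.
$userCount = (int) $pdo->query('SELECT COUNT(*) FROM users')->fetchColumn();
$storedBody = (string) $pdo->query('SELECT body FROM comments')->fetchColumn();
$html = renderComment($storedBody);
assert($userCount === 1);
assert(strpos($html, '<script>') === false);
echo $html, PHP_EOL;
```

Escaping is context-specific: `htmlspecialchars` is right for an HTML body, but the same value placed in a JavaScript string, a URL or an attribute needs that context's encoding instead.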