Protecting and Preventing XSS exploits / attacks in WordPress blog Searches
Posted in featured Posts, PHP, Programming, security, Web on September 1, 2008
XSS? What is Cross-site Scripting (XSS)?
As Wikipedia puts it:
Cross-site scripting (XSS) is a type of computer security vulnerability typically found in web applications which allow code injection by malicious web users into the web pages viewed by other users. Examples of such code include HTML code and client-side scripts. An exploited cross-site scripting vulnerability can be used by attackers to bypass access controls such as the same origin policy. Vulnerabilities of this kind have been exploited to craft powerful phishing attacks and browser exploits. As of 2007, cross-site scripting carried out on websites was roughly 80% of all documented security vulnerabilities. Often during an attack “everything looks fine” to the end-user who may be subject to unauthorized access, theft of sensitive data, and financial loss.
Test if your WordPress Blog is vulnerable to an XSS
Recently, I discovered that if you entered code such as
Update: Might not be true now – this post was several years ago!
It would run the script. Now, a script that alerts the word hello is not a massive problem, but it proves that the site is vulnerable to XSS attacks!
How to Prevent XSS Exploits and attacks in your WordPress blog (or indeed any website/blog)
For WordPress: Log onto your WordPress blog, go to Design > Theme Editor, locate the file search.php (alternatively this can be done by editing search.php via FTP) and at the very top of the file insert the following code:
<?php
// Prevent any possible XSS attacks via $_GET.
// The original used eregi(), which was deprecated in PHP 5.3 and removed in 7.0;
// preg_match() with the /i modifier gives the same case-insensitive matching.
$xss_patterns = array(
    '/<[^>]*(script|object|iframe|applet|meta|style|form)[^>]*>/i', // risky tags
    '/\([^>]*"?[^)]*\)/', // parentheses, e.g. a function call
    '/"/',                // a double quote
);
foreach ($_GET as $check_url) {
    // Array parameters (e.g. ?s[]=x) are checked value by value instead of
    // being passed to preg_match() as an array, which would only raise a warning.
    $values = is_array($check_url) ? $check_url : array($check_url);
    foreach ($values as $value) {
        foreach ($xss_patterns as $pattern) {
            if (preg_match($pattern, (string) $value)) {
                echo "there appears to be an error, please press the back button and try again";
                die();
            }
        }
    }
}
unset($check_url, $values, $value, $xss_patterns);
?>
(original code by sumit270, from php.net)
For other sites and blogs, put the above code in the PHP file where the search results are displayed. Simple!
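A pattern denylist like the one above is a stop-gap: it blocks the obvious tags but also rejects legitimate searches that contain quotes or parentheses, and it inspects the input rather than the place where the value is written into the page. The durable fix is to escape the search term at the point of output, in the context it lands in. The following PHP is an added example, not code from the original post or from WordPress; the function names are assumptions for this illustration.

```php
<?php
// Added example (not from the original post). Escape the search term where it is
// written into the page, so the browser always treats it as text, never markup.
// Function names here are assumptions for this example; WordPress itself later
// shipped equivalent helpers, esc_html()/esc_attr() and get_search_query().

/**
 * Escape a raw search term for HTML text content or a double-quoted attribute.
 * Encodes &, <, >, " and '. ENT_SUBSTITUTE replaces invalid UTF-8 sequences
 * instead of returning an empty string, which would otherwise hide the problem.
 */
function esc_search_term($raw) {
    return htmlspecialchars((string) $raw, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

/** Build the results heading and a search box pre-filled with the same query. */
function render_search_header($raw) {
    $safe = esc_search_term($raw);
    return "<h2>Search results for: {$safe}</h2>\n"
         . "<input type=\"search\" name=\"s\" value=\"{$safe}\">\n";
}

/** True when the escaped value contains nothing that can open a tag or close an attribute. */
function is_inert_in_html($escaped) {
    return strpbrk($escaped, '<>"\'') === false;
}

// Constructed sample queries: a benign one, one carrying a script tag, and one
// that would close the value="" attribute if the quote were left unescaped.
$samples = array(
    'wordpress themes',
    '<script>alert("hello")</script>',
    '"><b>not bold</b>',
);

foreach ($samples as $query) {
    $html   = render_search_header($query);
    $status = is_inert_in_html(esc_search_term($query)) ? 'inert' : 'UNSAFE';
    echo "[$status] ", $query, "\n", $html, "\n";
}
```

Every sample is reported as inert and renders as visible text, so no search term needs to be rejected up front.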