Question

1 Approved Answer

Posted on Sep 12, 2024

Appendices Code of welcome.php //contains code to connect to MySQL database Comments/ Message: Click here to logout 5 http://www.xsslabelgg.com/action/friends/add?friend=40&__elgg_ts=1402467511 &__elgg_token=80923e114f5d6c5606b7efaa389213b3 GET /action/friends/add?friend=40&__elgg_ts=1402467511 &__elgg_token=80923e114f5d6c5606b7efaa389213b3 HTTP/1.1 Host:

Appendices Code of welcome.php //contains code to connect to MySQL database

Hi, Welcome " . $_COOKIE["user_cookie"] .""; echo "This is message board where you can share your views and questions. Post your message and view messages of others"; echo " "; $userID=$_COOKIE["user_cookie"]; } else{ echo "Oops.. wrong login"; header("Location: index.php"); } if(isset($_POST[POST])){ $comment = mysqli_real_escape_string($conn,$_POST[comment]); if(empty($comment)) { echo ""; } else { $sql = "INSERT INTO comments (userID,comment) VALUES (\"".$userID ."\",\"".$comment."\")"; if (mysqli_query($conn, $sql)) { } else { echo "Error: " . $sql . " " . mysqli_error($conn); die("failed: " . mysqli_error()); } } $query= "SELECT * FROM comments"; $result = mysqli_query($conn, $query); if (mysqli_num_rows($result) > 0) { // output data of each row while($row = mysqli_fetch_assoc($result)) { echo $row["userID"]. " :" . $row["comment"]. " "; 4 } } else { ; } } if(isset($_POST[DEL])){ $userID = mysqli_real_escape_string($conn,$userID); $sql = "DELETE from comments where userID= $userID"; if (mysqli_query($conn, $sql)) { } else { echo "Error: " . $sql . " " . mysqli_error($conn); die("failed: " . mysqli_error()); } $query= "SELECT * FROM comments"; $result = mysqli_query($conn, $query); if (mysqli_num_rows($result) > 0) { // output data of each row while($row = mysqli_fetch_assoc($result)) { echo $row["userID"]. " :" . $row["comment"]. " "; } } else { ; } } if(isset($_POST[VIEW])){ $query= "SELECT * FROM comments"; $result = mysqli_query($conn, $query); if (mysqli_num_rows($result) > 0) { // output data of each row while($row = mysqli_fetch_assoc($result)) { echo $row["userID"]. " :" . $row["comment"]. " "; } } else { ; } } mysqli_close($conn); ?>

5 http://www.xsslabelgg.com/action/friends/add?friend=40&__elgg_ts=1402467511 &__elgg_token=80923e114f5d6c5606b7efaa389213b3 GET /action/friends/add?friend=40&__elgg_ts=1402467511 &__elgg_token=80923e114f5d6c5606b7efaa389213b3 HTTP/1.1 Host: www.xsslabelgg.com User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux i686; rv:23.0) Gecko/20100101 Firefox/23.0 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Referer: http://www.xsslabelgg.com/profile/elgguser2 Cookie: Elgg=7pgvml3vh04m9k99qj5r7ceho4 Connection: keep-alive HTTP/1.1 302 Found Date: Wed, 11 Jun 2014 06:19:28 GMT Server: Apache/2.2.22 (Ubuntu) X-Powered-By: PHP/5.3.10-1ubuntu3.11 Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0 Pragma: no-cache Location: http://www.xsslabelgg.com/profile/elgguser2 Content-Length: 0 Keep-Alive: timeout=5, max=100 Connection: Keep-Alive Content-Type: text/html Figure 3: ScreenshCode snippet of the welcome.php (comment/message board) page of given web application is attached as Appx. Identify the vulnerable portions of the code which attacker could have exploited to perform XSS attack. How can you modify the vulnerable code to mitigate XSS attacks? What actions can user take at browser side to avoid XSS attacks on his browser?