PHP Security Attacks and Prevention

XSS Attack - Cross-Site Scripting


CSRF ATTACK Example:

    <?php
    // Vulnerable on purpose: the posted value is echoed back without escaping.
    if (isset($_POST["pp"])) {
        echo $_POST["pp"];
    }
    ?>
    <form action="" method="post">
        <textarea name="pp"></textarea>
        <input type="submit">
    </form>

Now paste the following into the comment box:

    <body onLoad="document.forms[0].submit()">
    <form action="">
        <input type="accountnum" value="126172612">
        <input type="amount" value="100">
        <input type="submit">
    </form>
    </body>

You can also simply paste:

    <script>alert("you are hacked");</script>

Or you can redirect a user:

    <script>window.location=""</script>
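The same comment form in hardened form, as an added example that is not part of the original page: output is escaped with htmlspecialchars() so pasted markup is displayed as text, and every POST must carry a per-session token checked with hash_equals(). The helper name e() and the field name csrf_token are assumptions chosen for this example.

```php
<?php
// Added example (not the page's code): hardened version of the comment form.
session_start();

// Escape untrusted text for an HTML body or quoted-attribute context.
function e(string $s): string {
    return htmlspecialchars($s, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// One unpredictable token per session; a third-party page cannot read it.
if (empty($_SESSION['csrf_token'])) {
    $_SESSION['csrf_token'] = bin2hex(random_bytes(32));
}

$comment = null;
$error = null;
if ($_SERVER['REQUEST_METHOD'] === 'POST') {
    $sent = $_POST['csrf_token'] ?? '';
    // hash_equals() compares in constant time; non-string input (arrays) is rejected.
    if (!is_string($sent) || !hash_equals($_SESSION['csrf_token'], $sent)) {
        http_response_code(403);
        $error = 'Invalid or missing CSRF token.';
    } elseif (isset($_POST['pp']) && is_string($_POST['pp'])) {
        $comment = $_POST['pp'];
    }
}
?>
<!DOCTYPE html>
<html>
<head><meta charset="utf-8"><title>Comment</title></head>
<body>
<?php if ($error !== null): ?>
  <p><?= e($error) ?></p>
<?php elseif ($comment !== null): ?>
  <!-- <script> and <body onLoad=...> now render as inert text -->
  <p><?= nl2br(e($comment)) ?></p>
<?php endif; ?>
<form action="" method="post">
  <input type="hidden" name="csrf_token" value="<?= e($_SESSION['csrf_token']) ?>">
  <textarea name="pp"></textarea>
  <input type="submit">
</form>
</body>
</html>
```

Escaping is applied at output time, so the stored or posted text itself is left unchanged and can be encoded differently for other contexts.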

Details of the CSRF attack can be found here:

Comparison between XSS and CSRF:


| | XSS | CSRF |
|---|---|---|
| Full Form | Cross-Site Scripting | Cross-Site Request Forgery |
| | In XSS, a hacker injects a malicious client side script in a website. This script is added to cause some form of vulnerability to a victim. | It takes advantage of the targeted website’s trust in a user. A malicious attack is designed in such a way that a user sends malicious requests to the target website without having knowledge of the attack. |
| | Injection of arbitrary data by data that is not validated | On the functionality and features of the browser to retrieve and execute the attack bundle |
| Requirement of JavaScript | | |
| | Acceptance of the malicious code by the sites | Malicious code is located on third party sites |
| | A site that is vulnerable to XSS attacks is also vulnerable to CSRF attacks | A site that is completely protected from XSS types of attacks is still most likely vulnerable to CSRF attacks. |

Please check the following link for other security attacks and preventions: