PC Review
Home Forums Reviews Articles Register
Member Login:

PC Review > Forums > Newsgroups > Microsoft Word > Microsoft Frontpage > Cross Site Scripting

Reply
Thread Tools Rate Thread

Cross Site Scripting

 
 
Fred
Guest
Posts: n/a
 
      16th Oct 2003
When I try to upload a page to my already published website the transfer stops and I get this warning back from Norton: (Type as is)

Intrusion: HTTP-MS-SQL-XML-CrossSiteScripting
Intruder: localhost (1803)

I tried to add some forms yesterday which included scripts. Could this fact be causing the problem?
 
Reply With Quote
 
 
 
 
John Clark
Guest
Posts: n/a
 
      16th Oct 2003
Yes. Cross Site Scripting (XSS) is a serious security issue. If your forms take in information and then print that information without server-side validation, you risk XSS attack. Since this kind of attack is enabled with forms, that is probably what Norton is detecting.

If these forms are posting to a database backend (like SQL) the risk is much higher, because hackers can use the volunerability to delete tables from your database.

See if this helps:

http://support.microsoft.com/default...b;en-us;252985

-John
"Fred" <(E-Mail Removed)> wrote in message news:uNtCss$(E-Mail Removed)...
When I try to upload a page to my already published website the transfer stops and I get this warning back from Norton: (Type as is)

Intrusion: HTTP-MS-SQL-XML-CrossSiteScripting
Intruder: localhost (1803)

I tried to add some forms yesterday which included scripts. Could this fact be causing the problem?
 
Reply With Quote
 
Fred
Guest
Posts: n/a
 
      16th Oct 2003
It looks like it's an XSS problem. It says that one should "validate" forms etc before loading them. How does one do this?

Fred
"John Clark" <(E-Mail Removed)> wrote in message news:uxmp8w$(E-Mail Removed)...
Yes. Cross Site Scripting (XSS) is a serious security issue. If your forms take in information and then print that information without server-side validation, you risk XSS attack. Since this kind of attack is enabled with forms, that is probably what Norton is detecting.

If these forms are posting to a database backend (like SQL) the risk is much higher, because hackers can use the volunerability to delete tables from your database.

See if this helps:

http://support.microsoft.com/default...b;en-us;252985

-John
"Fred" <(E-Mail Removed)> wrote in message news:uNtCss$(E-Mail Removed)...
When I try to upload a page to my already published website the transfer stops and I get this warning back from Norton: (Type as is)

Intrusion: HTTP-MS-SQL-XML-CrossSiteScripting
Intruder: localhost (1803)

I tried to add some forms yesterday which included scripts. Could this fact be causing the problem?
 
Reply With Quote
 
 
 
Reply

« Create a site from scratch | FrontPage won't open »
Thread Tools
Rate This Thread
Rate This Thread:

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are Off

Similar Threads
Thread Thread Starter Forum Replies Last Post
Validating Request.Params[] values for cross site scripting oopaevah@yahoo.co.uk Microsoft ASP .NET 3 10th Jan 2006 02:19 PM
Cross site scripting =?Utf-8?B?QnJhZCBRdWlubg==?= Microsoft ASP .NET 1 28th Apr 2005 12:35 AM
Cross -Site Scripting and SQL Data Reader =?Utf-8?B?VmluZWV0IEJhdHRh?= Microsoft ADO .NET 1 11th May 2004 06:01 AM
Turning on cross-site scripting in a intranet Anton Windows XP Internet Explorer 0 5th Mar 2004 08:11 AM
Cross-Site Scripting... Scott M. Microsoft ASP .NET 7 24th Dec 2003 09:33 AM


Features
Forums Startup Database Reviews Articles FAQ / Guidelines About Us
 

Advertising
 

Newsgroups
Windows Vista Windows XP Microsoft Word Microsoft DotNet Windows 2000 AntiSpyware Microsoft Access Microsoft Excel Microsoft Outlook Hardware
 


All times are GMT +1. The time now is 09:04 PM.
Powered by vBulletin®. Copyright ©2000 - 2012, Jelsoft Enterprises Ltd.
SEO by vBSEO ©2010, Crawlability, Inc.
Contact Us - Archive - Privacy Statement - Top