Posted By

romanos on 05/29/08


Tagged

get xss hacker


Versions (?)

Who likes this?

3 people have marked this snippet as a favorite

heinz1959
vali29
wirenaught


Prevent any possible XSS attacks via $_GET


 / Published in: PHP
 

This function from php-fusion - great CMS.

  1. // Prevent any possible XSS attacks via $_GET.
  2. foreach ($_GET as $check_url) {
  3. if ((eregi("<[^>]*script*\"?[^>]*>", $check_url)) || (eregi("<[^>]*object*\"?[^>]*>", $check_url)) ||
  4. (eregi("<[^>]*iframe*\"?[^>]*>", $check_url)) || (eregi("<[^>]*applet*\"?[^>]*>", $check_url)) ||
  5. (eregi("<[^>]*meta*\"?[^>]*>", $check_url)) || (eregi("<[^>]*style*\"?[^>]*>", $check_url)) ||
  6. (eregi("<[^>]*form*\"?[^>]*>", $check_url)) || (eregi("\([^>]*\"?[^)]*\)", $check_url)) ||
  7. (eregi("\"", $check_url))) {
  8. die ();
  9. }
  10. }
  11. unset($check_url);

Report this snippet  

Comments

RSS Icon Subscribe to comments
Posted By: skymuss on April 1, 2009

and this one ? ;-)

have fun skymuss

Posted By: skymuss on April 1, 2009

and this one ? ;-)

have fun skymuss

Posted By: skymuss on April 1, 2009

and this one ? ;-)

have fun skymuss

Posted By: romanos on July 5, 2009

this is very simple, but better then nothing

You need to login to post a comment.