Defending Against Web Attacks: X-XSS-Protection
The setup is the same as in the previous article. Once the user logs in, they see a small dashboard where they can search for some values. Below is the code used to implement the functionality.

Vulnerable code:

[php]
<?php
session_start();
session_regenerate_id();

// Redirect unauthenticated users to the login page.
if (!isset($_SESSION['admin_loggedin'])) {
    header('Location: index.php');
    exit; // stop here so the dashboard is not rendered after the redirect
}

// The search term is taken straight from the query string, with no validation or encoding.
if (isset($_GET['search'])) {
    if (!empty($_GET['search'])) {
        $text = $_GET['search'];
    } else {
        $text = "No text Entered";
    }
}
?>
<!DOCTYPE html>
Admin Home
Welcome to Dashboard…
You are logged in as: <?...
[/php]
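A hardened counterpart to the vulnerable search handling above, as an added example that is not code from the original article. It assumes the dashboard later prints `$text` into the HTML body (the listing is cut off before that point); the function name `search_text_for_html()` and the "You searched for" markup are hypothetical and constructed for illustration.

```php
<?php
// Added example, not the article's code.
// Assumption: $text is echoed into an HTML element body further down the page.

/**
 * Return the search term as display text, encoded for an HTML element body.
 * $query is the request's query-string array (normally $_GET).
 */
function search_text_for_html(array $query): string
{
    $raw = $query['search'] ?? null;

    // ?search[]=x arrives as an array; treat anything but a non-empty string as "no input".
    if (!is_string($raw) || $raw === '') {
        return 'No text Entered';
    }

    // Encode <, >, &, " and ' so the browser renders the value as text, not markup.
    // ENT_SUBSTITUTE replaces invalid UTF-8 sequences instead of returning an empty string.
    return htmlspecialchars($raw, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

session_start();

if (!isset($_SESSION['admin_loggedin'])) {
    header('Location: index.php');
    exit; // do not render the dashboard for unauthenticated requests
}

// Ask browsers that still implement a reflected-XSS filter to block the page.
// This is defence in depth only; the output encoding above is what removes the bug.
header('X-XSS-Protection: 1; mode=block');
header('Content-Type: text/html; charset=UTF-8');

$text = search_text_for_html($_GET);
?>
<!DOCTYPE html>
<html>
<body>
    <!-- Constructed markup: the original page's HTML is not shown in the listing. -->
    <p>You searched for: <?php echo $text; ?></p>
</body>
</html>
```

The encoding here is correct for an element body or a quoted attribute value only; a value placed inside a script block, URL or unquoted attribute needs encoding specific to that context.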