Results 1 to 3 of 3
Thread: Open Source CMS and XSS attacks
Jun 9, 2009, 08:06 #1
- Join Date
- Aug 2007
- 0 Post(s)
- 0 Thread(s)
Open Source CMS and XSS attacks
I'm using Prestashop e-commerce, Free and Open Source CMS.
This application was attacked by an XSS injection to display an Ad in all index.php pages .any idea How to protect the index from attacks
This days we have a lot of CMS in many many criteria. do you think this will be the next target to harm users using open source project.
Jun 9, 2009, 08:31 #2
Most of the popular CMSs tend to have sufficient measures in place to shut out XSS attacks. If your CMS doesn’t have one, submit a bug report or have a skilled developer take a peek into it. You’ll need to find out that part of the code that is letting in user data without adequately filtering it.
Jun 9, 2009, 09:07 #3
One of the most important things to do is to mount a data partition without the executable permission and then if you need directories with write permissions, only put directories on this data partition.
Also make sure to mount your /dev/shm with -noexec option.
Many attackers use the /dev/shm for their attacks.