  1. #1
    SitePoint Zealot unformatik's Avatar

    Open Source CMS and XSS attacks

    Hi,

    I'm using PrestaShop e-commerce, a free and open source CMS.
    This application was attacked by an XSS injection to display an ad in all index.php pages. Any idea how to protect the index from attacks?
    These days we have a lot of CMSs in many, many criteria. Do you think this will be the next target to harm users using open source projects?


  2. #2
    SitePoint Wizard bronze trophy Kailash Badu's Avatar
    Most of the popular CMSs tend to have sufficient measures in place to shut out XSS attacks. If your CMS doesn’t have one, submit a bug report or have a skilled developer take a peek into it. You’ll need to find out that part of the code that is letting in user data without adequately filtering it.

  3. #3
    PHP Guru lampcms.com's Avatar
    Quote: Originally Posted by Kailash Badu
    Most of the popular CMSs tend to have sufficient measures in place to shut out XSS attacks. If your CMS doesn’t have one, submit a bug report or have a skilled developer take a peek into it. You’ll need to find out that part of the code that is letting in user data without adequately filtering it.
    If you are on Linux and have root access to your server, you can take some measures that would help prevent future XSS attacks even if you use an insecure CMS.

    One of the most important things to do is to mount a data partition without the executable permission and then if you need directories with write permissions, only put directories on this data partition.
    Also make sure to mount your /dev/shm with the -noexec option.

    Many attackers use the /dev/shm for their attacks.
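
An added example, not part of the original thread: a shell audit that checks whether the mount points named in post #3 carry the `noexec` option, which stops files written there from being executed directly and works as a hardening layer alongside the input filtering discussed in post #2. `/data` is a hypothetical mount point for the writable data partition, and the mounts listing is constructed sample input.

```shell
#!/bin/sh
# Added example: audit mount options in a /proc/mounts-format file.
# Fields per line: device mountpoint fstype options dump pass

# has_mount_option FILE MOUNTPOINT OPTION
# Returns 0 if the mount has OPTION, 1 if it lacks it, 2 if not a mount point.
has_mount_option() {
    awk -v mp="$2" -v want="$3" '
        $2 == mp { found = 1; opts = $4 }   # a later mount shadows an earlier one
        END {
            if (!found) exit 2
            n = split(opts, o, ",")
            for (i = 1; i <= n; i++) if (o[i] == want) exit 0
            exit 1
        }' "$1"
}

# audit_noexec FILE MOUNTPOINT...
# Prints one line per mount point; exit status is the number of failures.
audit_noexec() {
    file=$1; shift
    failures=0
    for mp in "$@"; do
        rc=0
        has_mount_option "$file" "$mp" noexec || rc=$?
        case $rc in
            0) echo "OK      $mp is mounted noexec" ;;
            1) echo "FAIL    $mp allows execution"; failures=$((failures + 1)) ;;
            *) echo "MISSING $mp is not a separate mount"; failures=$((failures + 1)) ;;
        esac
    done
    return "$failures"
}

# Constructed sample input (not taken from a real server).
sample=$(mktemp)
cat > "$sample" <<'EOF'
/dev/sda1 / ext4 rw,relatime 0 0
/dev/sdb1 /data ext4 rw,nosuid,nodev,noexec,relatime 0 0
tmpfs /dev/shm tmpfs rw,nosuid,nodev 0 0
EOF
audit_noexec "$sample" /data /dev/shm || echo "$? mount point(s) need attention"
rm -f "$sample"

# Fix for the FAIL line above (run as root), plus the /etc/fstab entry that persists it:
#   mount -o remount,noexec /dev/shm
#   tmpfs /dev/shm tmpfs defaults,nosuid,nodev,noexec 0 0
```

To audit a live server, pass `/proc/mounts` as the file argument together with the real mount points of the writable directories.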

