Hi. I am J0K3R (IT_J0K3R_QC). Today I will show you how to close your XSS (Cross-Site Scripting) vulnerability. If you have an XSS in your site, first open File Manager or FTP / Smart FileZilla or DirectAdmin / cPanel, then go to public_html > .htaccess and add the code below:
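# Refuse requests whose query string matches any condition below
RewriteEngine On
# base64_encode(...) call
RewriteCond %{QUERY_STRING} base64_encode.*\(.*\) [OR]
# <script> tag, raw or percent-encoded (%3C / %3E), case-insensitive
RewriteCond %{QUERY_STRING} (\<|%3C).*script.*(\>|%3E) [NC,OR]
# attempts to set the PHP GLOBALS or _REQUEST variables
RewriteCond %{QUERY_STRING} GLOBALS(=|\[|\%[0-9A-Z]{0,2}) [OR]
RewriteCond %{QUERY_STRING} _REQUEST(=|\[|\%[0-9A-Z]{0,2})
# [F] answers a matching request with 403 Forbidden
RewriteRule ^(.*)$ index.php [F,L]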
What is this code for? Answer:
This is a type of blocking system. If someone tries to find an XSS on your site (example: http://site.com/search.php?s=<script>alert(1);</script>), the request will go to index.php. You can change that: in "RewriteRule ^(.*)$ index.php [F,L]", change index.php to your index.html. So which symbols will be blocked? Below:
; / ? : @ = & <> “ # { } | \ ^ ~ [ ] ` % ‘
Actually, I am talking about XSS with pentest (penetration testing): manual, not with tools.
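Before deploying the rules, it helps to check which query strings they actually catch. The script below is an added example, not part of the original post: it transcribes the four RewriteCond patterns into Python regexes and runs them over constructed query strings. The rule labels and function names are made up here, and the script rule is assumed to list the percent-encoded brackets (%3C, %3E) next to the raw ones.

```python
import re

# The four RewriteCond patterns, tried in order like the [OR] chain.
# Rule labels are made up for this example. Assumption: the script rule
# lists the percent-encoded brackets (%3C, %3E) next to the raw ones.
RULES = [
    ("base64", re.compile(r"base64_encode.*\(.*\)")),
    ("script-tag", re.compile(r"(\<|%3C).*script.*(\>|%3E)", re.IGNORECASE)),  # [NC]
    ("globals", re.compile(r"GLOBALS(=|\[|\%[0-9A-Z]{0,2})")),
    ("request", re.compile(r"_REQUEST(=|\[|\%[0-9A-Z]{0,2})")),
]


def matched_rule(query_string):
    """Return the label of the first condition that matches, or None.

    Apache tests %{QUERY_STRING} exactly as it arrived (not URL-decoded)
    and the pattern is unanchored, hence re.search on the raw string.
    """
    for label, pattern in RULES:
        if pattern.search(query_string):
            return label
    return None


# Constructed sample query strings (the first is the page's own example).
SAMPLES = [
    "s=<script>alert(1);</script>",
    "s=%3Cscript%3Ealert(1)%3B%3C%2Fscript%3E",
    "s=%3CSCRIPT%3Ealert(1)%3C%2FSCRIPT%3E",
    "x=base64_encode(abc)",
    "GLOBALS[a]=1",
    "_REQUEST=1",
    "s=script+writing+course",
    "s=hello+world",
]


def report(samples=SAMPLES):
    """Pair each sample with the rule that refuses it, or 'allowed'."""
    return [(qs, matched_rule(qs) or "allowed") for qs in samples]


if __name__ == "__main__":
    for qs, verdict in report():
        print(f"{verdict:10}  {qs}")
```

The last two samples are ordinary searches and pass through, which is the false-positive check to repeat with your own site's real query strings.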