Re: Re[2]: [ITCENTER] XSS question??

2007-10-04 Thread gofur brente
OK, thanks... I'm trying it now... it looks like it comes from the include file... thanks for the support..

- Original Message 
From: Pangon Bebek [EMAIL PROTECTED]
To: Acho ITCENTER@yahoogroups.com
Sent: Wednesday, October 3, 2007 7:24:37 PM
Subject: Re[2]: [ITCENTER] XSS question??









  



Hello Acho,

Wednesday, October 3, 2007, 6:43:03 PM, you wrote:

 Ugh, the question is so unclear..

 XSS is Cross Site Scripting, an attempt to insert code
 (html, javascript, etc.) into a web site so that it is run by the browser
 on the client. For more detail, read this:
 http://daunsalam.net/artikel/codeinjection.htm

 - - - - - - - - - - - - - - - - -
 Acho Learns to Write
 - - - - - - - - - - - - - - - - -
 http://muhadkly.net

Maybe what was meant is CSS, sir :D

---
 www.oprekpc.com/forum/
 www.warungplus.com
---
Best regards,
 Pangon
YM: [EMAIL PROTECTED]
my ebook collection:
   mailto:[EMAIL PROTECTED]






  








[Non-text portions of this message have been removed]



-- 
www.itcenter.or.id - Indonesian Information Technology Community
Join, Leave, Delivery Mode: [EMAIL PROTECTED]

 
Yahoo! Groups Links

* To visit your group on the web, go to:
http://groups.yahoo.com/group/ITCENTER/

* Your email settings:
Individual Email | Traditional

* To change settings online go to:
http://groups.yahoo.com/group/ITCENTER/join
(Yahoo! ID required)

* To change settings via email:
mailto:[EMAIL PROTECTED] 
mailto:[EMAIL PROTECTED]

* To unsubscribe from this group, send an email to:
[EMAIL PROTECTED]

* Your use of Yahoo! Groups is subject to:
http://docs.yahoo.com/info/terms/
 


Re: [ITCENTER] XSS question??

2007-10-04 Thread Mobis Design Ind.
I don't yet see the connection between XSS and the syntax javascript:window.history.go(-1) --- that's for going back, right?? What is clear is that XSS, as Acho rightly said, is an attempt to inject script into your web site. This can endanger your site because it can be used by other people, through the injected XSS, as a vehicle to steal information from your own site's visitors, such as user cookies, passwords, IDs and so on that are on their client computers, or simply to deface your site. So always watch out for the openings on your website, such as a Search feature or a guestbook that you provide but with weak syntax-level protection.

  If you are asking about the syntax javascript:window.history.go(-1), it is one of the javascript syntaxes for a back link / button that goes back one step. You would do better to use javascript:window.history.back(), because this syntax is still the standard version and is understood by almost all browsers, rather than go(-1), which is already a different version.

  So please clarify your question first, so that it's easier for us to explain.

  Thanks
   
  

Acho [EMAIL PROTECTED] wrote:
  Ugh, the question is so unclear..

XSS is Cross Site Scripting, an attempt to insert code
(html, javascript, etc.) into a web site so that it is run by the browser
on the client. For more detail, read this:
http://daunsalam.net/artikel/codeinjection.htm

- - - - - - - - - - - - - - - - -
Acho Learns to Write
- - - - - - - - - - - - - - - - -
http://muhadkly.net

- Original Message - 
From: gofurbrente01
To: ITCENTER@yahoogroups.com
Sent: Wednesday, October 03, 2007 1:31 PM
Subject: [ITCENTER] XSS question??

Does anyone know about XSS problems?? It seems the problem is in the syntax
javascript:history.go(-1); could anyone who knows please explain... this is being built
in PHP... thanks..



 

   
 


Re: [ITCENTER] XSS question??

2007-10-04 Thread gofur brente
OK, problem solved... it turned out there was a variable that had not been passed to session_register beforehand... now all that's left is the next problem, SQL injection... OK, thank you...

- Original Message 
From: Mobis Design Ind. [EMAIL PROTECTED]
To: ITCENTER@yahoogroups.com
Sent: Thursday, October 4, 2007 11:05:48 AM
Subject: Re: [ITCENTER] XSS question??









  



I don't yet see the connection between XSS and the syntax javascript:window.history.go(-1) --- that's for going back, right?? What is clear is that XSS, as Acho rightly said, is an attempt to inject script into your web site. This can endanger your site because it can be used by other people, through the injected XSS, as a vehicle to steal information from your own site's visitors, such as user cookies, passwords, IDs and so on that are on their client computers, or simply to deface your site. So always watch out for the openings on your website, such as a Search feature or a guestbook that you provide but with weak syntax-level protection.

  If you are asking about the syntax javascript:window.history.go(-1), it is one of the javascript syntaxes for a back link / button that goes back one step. You would do better to use javascript:window.history.back(), because this syntax is still the standard version and is understood by almost all browsers, rather than go(-1), which is already a different version.

  So please clarify your question first, so that it's easier for us to explain.

  Thanks

Acho [EMAIL PROTECTED] wrote:

  Ugh, the question is so unclear..

XSS is Cross Site Scripting, an attempt to insert code
(html, javascript, etc.) into a web site so that it is run by the browser
on the client. For more detail, read this:
http://daunsalam.net/artikel/codeinjection.htm

- - - - - - - - - - - - - - - - -
Acho Learns to Write
- - - - - - - - - - - - - - - - -
http://muhadkly.net

- Original Message - 
From: gofurbrente01
To: [EMAIL PROTECTED]
Sent: Wednesday, October 03, 2007 1:31 PM
Subject: [ITCENTER] XSS question??

Does anyone know about XSS problems?? It seems the problem is in the syntax
javascript:history.go(-1); could anyone who knows please explain... this is being built
in PHP... thanks..




Re: [ITCENTER] XSS question??

2007-10-04 Thread Acho
Actually, preventing XSS isn't limited to session register alone; the point is that you don't directly use an external variable that contains a file name, so there is a filter first. Example:

http://www.situsanda.com/index.php?page=profil.php (a URL like this can lead to XSS; strongly not recommended)

It is better to change the URL to:

http://www.situsanda.com?index.php?page=profil

Then in index.php make a filter, for example:

if ($_GET['page'] == 'profil') { include 'profil.php'; }

else
{ echo 'Maaf halaman yang anda tuju tidak tersedia'; }  // message text: "Sorry, the page you requested is not available"




- - - - - - - - - - - - - - - - -
Acho Learns to Write
- - - - - - - - - - - - - - - - -
http://muhadkly.net


=
- Original Message - 
From: gofur brente
To: ITCENTER@yahoogroups.com
Sent: Thursday, October 04, 2007 2:43 PM
Subject: Re: [ITCENTER] XSS question??


OK, problem solved... it turned out there was a variable that had not been passed to
session_register beforehand... now all that's left is the next problem, SQL
injection... OK, thank you...
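
The filter described in the message above, generalized from a single `if` to an allowlist of several pages, as an added example that is not part of the original post or its author's code. The page keys, the file names and the `resolve_page` helper are assumptions for illustration; the request value is only ever used as a lookup key, never as a file name.

```php
<?php
// Added example: allowlist router for index.php?page=<key>.
// Page keys and file names are assumed for illustration.

// Pattern the post advises against (request value used as a file name):
//   include $_GET['page'];

const PAGES = [
    'home'   => 'home.php',
    'profil' => 'profil.php',
    'kontak' => 'kontak.php',
];

/**
 * Map the raw ?page= value to a file from the allowlist, or null.
 * Anything not listed in PAGES is rejected, whatever it contains.
 */
function resolve_page($raw): ?string
{
    // ?page[]=x arrives as an array; accept strings only.
    if (!is_string($raw)) {
        return null;
    }
    return array_key_exists($raw, PAGES) ? PAGES[$raw] : null;
}

$requested = $_GET['page'] ?? 'home';
$file = resolve_page($requested);

if ($file !== null && is_file(__DIR__ . '/' . $file)) {
    // The path is built from the allowlist entry, not from the request.
    include __DIR__ . '/' . $file;
} else {
    http_response_code(404);
    // When the requested name is echoed back, encode it for HTML first so
    // markup in the parameter is displayed as text instead of being run.
    $shown = is_string($requested) ? $requested : '';
    echo 'Sorry, the page "'
        . htmlspecialchars($shown, ENT_QUOTES, 'UTF-8')
        . '" is not available.';
}
```

Adding a page then means adding one entry to `PAGES`; no request value ever reaches `include` directly.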




 


Re: [ITCENTER] XSS question??

2007-10-04 Thread Muhadly Acho
Sorry, a correction:

...it is better to change the URL to:

http://www.situsanda.com/index.php?page=profil

- - - - - - - - - - - - - - - - -
 Acho Learns to Write
- - - - - - - - - - - - - - - - -
http://muhadkly.net

=

 it is better to change the URL to:

 http://www.situsanda.com?index.php?page=profil



 


[ITCENTER] XSS question??

2007-10-03 Thread gofurbrente01
Does anyone know about XSS problems?? It seems the problem is in the syntax
javascript:history.go(-1); could anyone who knows please explain... this is being built
in PHP... thanks..



 


RE: [ITCENTER] XSS question??

2007-10-03 Thread muslim
Dear IT colleagues:

Please share if you know about an OS problem with the message

Windows 2000 root/system32\ntoskrnl.exe

Please re install a copy of the above file

I have already tried a repair but it still doesn't work

Please help, thank you

Regards,

Muslim

From: ITCENTER@yahoogroups.com [mailto:[EMAIL PROTECTED] On Behalf
Of gofurbrente01
Sent: Wednesday, October 03, 2007 1:31 PM
To: ITCENTER@yahoogroups.com
Subject: [ITCENTER] XSS question??

Does anyone know about XSS problems?? It seems the problem is in the syntax
javascript:history.go(-1); could anyone who knows please explain... this is being built
in PHP... thanks..

 



 


Re: [ITCENTER] XSS question??

2007-10-03 Thread Acho
Ugh, the question is so unclear..

XSS is Cross Site Scripting, an attempt to insert code
(html, javascript, etc.) into a web site so that it is run by the browser
on the client. For more detail, read this:
http://daunsalam.net/artikel/codeinjection.htm

- - - - - - - - - - - - - - - - -
Acho Learns to Write
- - - - - - - - - - - - - - - - -
http://muhadkly.net

- Original Message - 
From: gofurbrente01
To: ITCENTER@yahoogroups.com
Sent: Wednesday, October 03, 2007 1:31 PM
Subject: [ITCENTER] XSS question??


Does anyone know about XSS problems?? It seems the problem is in the syntax
javascript:history.go(-1); could anyone who knows please explain... this is being built
in PHP... thanks..




 


Re[2]: [ITCENTER] XSS question??

2007-10-03 Thread Pangon Bebek
Hello Acho,

Wednesday, October 3, 2007, 6:43:03 PM, you wrote:

 Ugh, the question is so unclear..

 XSS is Cross Site Scripting, an attempt to insert code
 (html, javascript, etc.) into a web site so that it is run by the browser
 on the client. For more detail, read this:
 http://daunsalam.net/artikel/codeinjection.htm

 - - - - - - - - - - - - - - - - -
 Acho Learns to Write
 - - - - - - - - - - - - - - - - -
 http://muhadkly.net



Maybe what was meant is CSS, sir :D

---
 www.oprekpc.com/forum/
 www.warungplus.com
--- 
Best regards,
 Pangon
YM: [EMAIL PROTECTED] 
my ebook collection: 
   mailto:[EMAIL PROTECTED]


