Re: Re[2]: [ITCENTER] Tanya XSS??
ok makasih yach...sedang saya coba...kayanya ada dari file includenya...makasih yach dah support.. - Original Message From: Pangon Bebek [EMAIL PROTECTED] To: Acho ITCENTER@yahoogroups.com Sent: Wednesday, October 3, 2007 7:24:37 PM Subject: Re[2]: [ITCENTER] Tanya XSS?? Hello Acho, Wednesday, October 3, 2007, 6:43:03 PM, you wrote: Aduh nanya nya ngga jelas gini.. XSS itu Cross Site Scripting, adalah suatu upaya memasukan code (html,javascript, dll) kedalam suatu web site dan dijalankan melalui browser di client. Lebih jelasnya baca ini: http://daunsalam. net/artikel/ codeinjection. htm - - - - - - - - - - - - - - - - - Acho Learns to Write - - - - - - - - - - - - - - - - - http://muhadkly. net maksudnya mungkin CSS kali pak :D - -- www.oprekpc. com/forum/ www.warungplus. com - -- Best regards, Pangon YM: sqf_trustno1@ yahoo.com my ebook collection: mailto:pangonbebek@ yahoo.com. sg !-- #ygrp-mkp{ border:1px solid #d8d8d8;font-family:Arial;margin:14px 0px;padding:0px 14px;} #ygrp-mkp hr{ border:1px solid #d8d8d8;} #ygrp-mkp #hd{ color:#628c2a;font-size:85%;font-weight:bold;line-height:122%;margin:10px 0px;} #ygrp-mkp #ads{ margin-bottom:10px;} #ygrp-mkp .ad{ padding:0 0;} #ygrp-mkp .ad a{ color:#ff;text-decoration:none;} -- !-- #ygrp-sponsor #ygrp-lc{ font-family:Arial;} #ygrp-sponsor #ygrp-lc #hd{ margin:10px 0px;font-weight:bold;font-size:78%;line-height:122%;} #ygrp-sponsor #ygrp-lc .ad{ margin-bottom:10px;padding:0 0;} -- !-- #ygrp-mlmsg {font-size:13px;font-family:arial, helvetica, clean, sans-serif;} #ygrp-mlmsg table {font-size:inherit;font:100%;} #ygrp-mlmsg select, input, textarea {font:99% arial, helvetica, clean, sans-serif;} #ygrp-mlmsg pre, code {font:115% monospace;} #ygrp-mlmsg * {line-height:1.22em;} #ygrp-text{ font-family:Georgia; } #ygrp-text p{ margin:0 0 1em 0;} #ygrp-tpmsgs{ font-family:Arial; clear:both;} #ygrp-vitnav{ padding-top:10px;font-family:Verdana;font-size:77%;margin:0;} #ygrp-vitnav a{ padding:0 1px;} #ygrp-actbar{ clear:both;margin:25px 0;white-space:nowrap;color:#666;text-align:right;} #ygrp-actbar .left{ float:left;white-space:nowrap;} .bld{font-weight:bold;} #ygrp-grft{ font-family:Verdana;font-size:77%;padding:15px 0;} #ygrp-ft{ font-family:verdana;font-size:77%;border-top:1px solid #666; padding:5px 0; } #ygrp-mlmsg #logo{ padding-bottom:10px;} #ygrp-vital{ background-color:#e0ecee;margin-bottom:20px;padding:2px 0 8px 8px;} #ygrp-vital #vithd{ font-size:77%;font-family:Verdana;font-weight:bold;color:#333;text-transform:uppercase;} #ygrp-vital ul{ padding:0;margin:2px 0;} #ygrp-vital ul li{ list-style-type:none;clear:both;border:1px solid #e0ecee; } #ygrp-vital ul li .ct{ font-weight:bold;color:#ff7900;float:right;width:2em;text-align:right;padding-right:.5em;} #ygrp-vital ul li .cat{ font-weight:bold;} #ygrp-vital a{ text-decoration:none;} #ygrp-vital a:hover{ text-decoration:underline;} #ygrp-sponsor #hd{ color:#999;font-size:77%;} #ygrp-sponsor #ov{ padding:6px 13px;background-color:#e0ecee;margin-bottom:20px;} #ygrp-sponsor #ov ul{ padding:0 0 0 8px;margin:0;} #ygrp-sponsor #ov li{ list-style-type:square;padding:6px 0;font-size:77%;} #ygrp-sponsor #ov li a{ text-decoration:none;font-size:130%;} #ygrp-sponsor #nc{ background-color:#eee;margin-bottom:20px;padding:0 8px;} #ygrp-sponsor .ad{ padding:8px 0;} #ygrp-sponsor .ad #hd1{ font-family:Arial;font-weight:bold;color:#628c2a;font-size:100%;line-height:122%;} #ygrp-sponsor .ad a{ text-decoration:none;} #ygrp-sponsor .ad a:hover{ text-decoration:underline;} #ygrp-sponsor .ad p{ margin:0;} o{font-size:0;} .MsoNormal{ margin:0 0 0 0;} #ygrp-text tt{ font-size:120%;} blockquote{margin:0 0 0 4px;} .replbq{margin:4;} -- Looking for a deal? Find great prices on flights and hotels with Yahoo! FareChase. http://farechase.yahoo.com/ [Non-text portions of this message have been removed] -- www.itcenter.or.id - Komunitas Teknologi Informasi Indonesia Gabung, Keluar, Mode Kirim : [EMAIL PROTECTED] Yahoo! Groups Links * To visit your group on the web, go to: http://groups.yahoo.com/group/ITCENTER/ * Your email settings: Individual Email | Traditional * To change settings online go to: http://groups.yahoo.com/group/ITCENTER/join (Yahoo! ID required) * To change settings via email: mailto:[EMAIL PROTECTED] mailto:[EMAIL PROTECTED] * To unsubscribe from this group, send an email to: [EMAIL PROTECTED] * Your use of Yahoo! Groups is subject to: http://docs.yahoo.com/info/terms/
Re: [ITCENTER] Tanya XSS??
aku Belum lihat kaitannya XSS dengan sintax javascript:window.history.go(-1) --- ini buat back kan ??, yang jelas XSS benar kata Acho merupakan suatu upaya untuk injeksi script ke web Anda, kegiatan ini bisa membahayakan web Anda karena web anda bisa dijadikan media oleh orang lain melalui XSS yang dimasukkan untuk mencuri informasi dari para pengunjung web anda sendiri bisa berupa cookies user , password , id dll yang ada dikomputer client mereka, atau sekedar melakukan deface di web Anda saja. karenya selalu waspada dengan celah - celah yang tersedia diwebsite anda seperti fasilitas Search atau buku tamu yang Anda sediakan namun dengan pengamanan sintax yang lemah Kalau Anda menanyakan sintax javascript:window.history.go(-1) , sintax tersebut merupakan salah satu sintax javascript untuk link / tombol back mundur 1 kali , sebaiknya anda menggunakan javascript:window.history.back() karena sintax ini masih versi standar dan bisa terbaca hampir disemua browser ketimbang menggunakan go(-1) tersebut, udah beda versi. jadi mohon diperjelas dulu pertanyaan Anda, biar kita enak ngejelasinnya thanx Acho [EMAIL PROTECTED] wrote: Aduh nanya nya ngga jelas gini.. XSS itu Cross Site Scripting, adalah suatu upaya memasukan code (html,javascript,dll) kedalam suatu web site dan dijalankan melalui browser di client. Lebih jelasnya baca ini: http://daunsalam.net/artikel/codeinjection.htm - - - - - - - - - - - - - - - - - Acho Learns to Write - - - - - - - - - - - - - - - - - http://muhadkly.net - Original Message - From: gofurbrente01 To: ITCENTER@yahoogroups.com Sent: Wednesday, October 03, 2007 1:31 PM Subject: [ITCENTER] Tanya XSS?? ada yang tau masalah XSS ga??kayanya masalahnya di syntax javascript:history.go(-1); tolong yang tau beri penjelasan...ini bikin di php...makasih.. - Fussy? Opinionated? Impossible to please? Perfect. Join Yahoo!'s user panel and lay it on us. [Non-text portions of this message have been removed] -- www.itcenter.or.id - Komunitas Teknologi Informasi Indonesia Gabung, Keluar, Mode Kirim : [EMAIL PROTECTED] Yahoo! Groups Links * To visit your group on the web, go to: http://groups.yahoo.com/group/ITCENTER/ * Your email settings: Individual Email | Traditional * To change settings online go to: http://groups.yahoo.com/group/ITCENTER/join (Yahoo! ID required) * To change settings via email: mailto:[EMAIL PROTECTED] mailto:[EMAIL PROTECTED] * To unsubscribe from this group, send an email to: [EMAIL PROTECTED] * Your use of Yahoo! Groups is subject to: http://docs.yahoo.com/info/terms/
Re: [ITCENTER] Tanya XSS??
ok masalah teratasi...ternyata ada variabelnya yang tidak di session_register sebelumnyasekarang tinggal masalah selanjutnya SQL injection...ok terima kasih yach... - Original Message From: Mobis Design Ind. [EMAIL PROTECTED] To: ITCENTER@yahoogroups.com Sent: Thursday, October 4, 2007 11:05:48 AM Subject: Re: [ITCENTER] Tanya XSS?? aku Belum lihat kaitannya XSS dengan sintax javascript:window. history.go( -1) --- ini buat back kan ??, yang jelas XSS benar kata Acho merupakan suatu upaya untuk injeksi script ke web Anda, kegiatan ini bisa membahayakan web Anda karena web anda bisa dijadikan media oleh orang lain melalui XSS yang dimasukkan untuk mencuri informasi dari para pengunjung web anda sendiri bisa berupa cookies user , password , id dll yang ada dikomputer client mereka, atau sekedar melakukan deface di web Anda saja. karenya selalu waspada dengan celah - celah yang tersedia diwebsite anda seperti fasilitas Search atau buku tamu yang Anda sediakan namun dengan pengamanan sintax yang lemah Kalau Anda menanyakan sintax javascript:window. history.go( -1) , sintax tersebut merupakan salah satu sintax javascript untuk link / tombol back mundur 1 kali , sebaiknya anda menggunakan javascript:window. history.back( ) karena sintax ini masih versi standar dan bisa terbaca hampir disemua browser ketimbang menggunakan go(-1) tersebut, udah beda versi. jadi mohon diperjelas dulu pertanyaan Anda, biar kita enak ngejelasinnya thanx Acho [EMAIL PROTECTED] com wrote: Aduh nanya nya ngga jelas gini.. XSS itu Cross Site Scripting, adalah suatu upaya memasukan code (html,javascript, dll) kedalam suatu web site dan dijalankan melalui browser di client. Lebih jelasnya baca ini: http://daunsalam. net/artikel/ codeinjection. htm - - - - - - - - - - - - - - - - - Acho Learns to Write - - - - - - - - - - - - - - - - - http://muhadkly. net - Original Message - From: gofurbrente01 To: [EMAIL PROTECTED] s.com Sent: Wednesday, October 03, 2007 1:31 PM Subject: [ITCENTER] Tanya XSS?? ada yang tau masalah XSS ga??kayanya masalahnya di syntax javascript:history. go(-1); tolong yang tau beri penjelasan.. .ini bikin di php...makasih. . - - --- Fussy? Opinionated? Impossible to please? Perfect. Join Yahoo!'s user panel and lay it on us. [Non-text portions of this message have been removed] !-- #ygrp-mkp{ border:1px solid #d8d8d8;font-family:Arial;margin:14px 0px;padding:0px 14px;} #ygrp-mkp hr{ border:1px solid #d8d8d8;} #ygrp-mkp #hd{ color:#628c2a;font-size:85%;font-weight:bold;line-height:122%;margin:10px 0px;} #ygrp-mkp #ads{ margin-bottom:10px;} #ygrp-mkp .ad{ padding:0 0;} #ygrp-mkp .ad a{ color:#ff;text-decoration:none;} -- !-- #ygrp-sponsor #ygrp-lc{ font-family:Arial;} #ygrp-sponsor #ygrp-lc #hd{ margin:10px 0px;font-weight:bold;font-size:78%;line-height:122%;} #ygrp-sponsor #ygrp-lc .ad{ margin-bottom:10px;padding:0 0;} -- !-- #ygrp-mlmsg {font-size:13px;font-family:arial, helvetica, clean, sans-serif;} #ygrp-mlmsg table {font-size:inherit;font:100%;} #ygrp-mlmsg select, input, textarea {font:99% arial, helvetica, clean, sans-serif;} #ygrp-mlmsg pre, code {font:115% monospace;} #ygrp-mlmsg * {line-height:1.22em;} #ygrp-text{ font-family:Georgia; } #ygrp-text p{ margin:0 0 1em 0;} #ygrp-tpmsgs{ font-family:Arial; clear:both;} #ygrp-vitnav{ padding-top:10px;font-family:Verdana;font-size:77%;margin:0;} #ygrp-vitnav a{ padding:0 1px;} #ygrp-actbar{ clear:both;margin:25px 0;white-space:nowrap;color:#666;text-align:right;} #ygrp-actbar .left{ float:left;white-space:nowrap;} .bld{font-weight:bold;} #ygrp-grft{ font-family:Verdana;font-size:77%;padding:15px 0;} #ygrp-ft{ font-family:verdana;font-size:77%;border-top:1px solid #666; padding:5px 0; } #ygrp-mlmsg #logo{ padding-bottom:10px;} #ygrp-vital{ background-color:#e0ecee;margin-bottom:20px;padding:2px 0 8px 8px;} #ygrp-vital #vithd{ font-size:77%;font-family:Verdana;font-weight:bold;color:#333;text-transform:uppercase;} #ygrp-vital ul{ padding:0;margin:2px 0;} #ygrp-vital ul li{ list-style-type:none;clear:both;border:1px solid #e0ecee; } #ygrp-vital ul li .ct{ font-weight:bold;color:#ff7900;float:right;width:2em;text-align:right;padding-right:.5em;} #ygrp-vital ul li .cat{ font-weight:bold;} #ygrp-vital a{ text-decoration:none;} #ygrp-vital a:hover{ text-decoration:underline;} #ygrp-sponsor #hd{ color:#999;font-size:77%;} #ygrp-sponsor #ov{ padding:6px 13px;background-color:#e0ecee;margin-bottom:20px;} #ygrp-sponsor #ov ul{ padding:0 0 0 8px;margin:0;} #ygrp-sponsor #ov li{ list-style-type:square;padding:6px 0;font-size:77%;} #ygrp-sponsor #ov li a{ text-decoration:none;font-size:130%;} #ygrp-sponsor #nc{ background-color:#eee;margin-bottom:20px;padding:0 8px;} #ygrp-sponsor .ad{ padding:8px 0;} #ygrp-sponsor .ad #hd1{ font-family:Arial;font
Re: [ITCENTER] Tanya XSS??
Sebetulnya sih untuk mencegah XSS patokannya bukan terbatas di session register aja, intinya anda ngga menggunakan variabel luar yg berisi nama file secara langsung, jadi ada filter dulu. Contoh: http://www.situsanda.com/index.php?page=profil.php (url semacam ini bisa terjadi XSS. sangat tidak disarankan) sebaiknya urlnya dirubah menjadi: http://www.situsanda.com?index.php?page=profil nanti di halaman index.php bikin filter misalnya: if $_GET[page]==profil {includeprofil.php;} else {echoMaaf halaman yang anda tuju tidak tersedia;} - - - - - - - - - - - - - - - - - Acho Learns to Write - - - - - - - - - - - - - - - - - http://muhadkly.net = - Original Message - From: gofur brente To: ITCENTER@yahoogroups.com Sent: Thursday, October 04, 2007 2:43 PM Subject: Re: [ITCENTER] Tanya XSS?? ok masalah teratasi...ternyata ada variabelnya yang tidak di session_register sebelumnyasekarang tinggal masalah selanjutnya SQL injection...ok terima kasih yach... -- www.itcenter.or.id - Komunitas Teknologi Informasi Indonesia Gabung, Keluar, Mode Kirim : [EMAIL PROTECTED] Yahoo! Groups Links * To visit your group on the web, go to: http://groups.yahoo.com/group/ITCENTER/ * Your email settings: Individual Email | Traditional * To change settings online go to: http://groups.yahoo.com/group/ITCENTER/join (Yahoo! ID required) * To change settings via email: mailto:[EMAIL PROTECTED] mailto:[EMAIL PROTECTED] * To unsubscribe from this group, send an email to: [EMAIL PROTECTED] * Your use of Yahoo! Groups is subject to: http://docs.yahoo.com/info/terms/
Re: [ITCENTER] Tanya XSS??
Maaf ada ralat: ...sebaiknya urlnya dirubah menjadi: http://www.situsanda.com/index.php?page=profil - - - - - - - - - - - - - - - - - Acho Learns to Write - - - - - - - - - - - - - - - - - http://muhadkly.net = sebaiknya urlnya dirubah menjadi: http://www.situsanda.com?index.php?page=profil -- www.itcenter.or.id - Komunitas Teknologi Informasi Indonesia Gabung, Keluar, Mode Kirim : [EMAIL PROTECTED] Yahoo! Groups Links * To visit your group on the web, go to: http://groups.yahoo.com/group/ITCENTER/ * Your email settings: Individual Email | Traditional * To change settings online go to: http://groups.yahoo.com/group/ITCENTER/join (Yahoo! ID required) * To change settings via email: mailto:[EMAIL PROTECTED] mailto:[EMAIL PROTECTED] * To unsubscribe from this group, send an email to: [EMAIL PROTECTED] * Your use of Yahoo! Groups is subject to: http://docs.yahoo.com/info/terms/
[ITCENTER] Tanya XSS??
ada yang tau masalah XSS ga??kayanya masalahnya di syntax javascript:history.go(-1); tolong yang tau beri penjelasan...ini bikin di php...makasih.. -- www.itcenter.or.id - Komunitas Teknologi Informasi Indonesia Gabung, Keluar, Mode Kirim : [EMAIL PROTECTED] Yahoo! Groups Links * To visit your group on the web, go to: http://groups.yahoo.com/group/ITCENTER/ * Your email settings: Individual Email | Traditional * To change settings online go to: http://groups.yahoo.com/group/ITCENTER/join (Yahoo! ID required) * To change settings via email: mailto:[EMAIL PROTECTED] mailto:[EMAIL PROTECTED] * To unsubscribe from this group, send an email to: [EMAIL PROTECTED] * Your use of Yahoo! Groups is subject to: http://docs.yahoo.com/info/terms/
RE: [ITCENTER] Tanya XSS??
Dear rekan IT: Tolong sharenya klo ada trouble di OS dgn perintah Windows 2000 root/system32\ntoskrnl.exe Please re install a copy of the above file Saya sudah coba repair tapi nggak bisa juga Tolong dibantu, terimakasih Regards, Muslim _ From: ITCENTER@yahoogroups.com [mailto:[EMAIL PROTECTED] On Behalf Of gofurbrente01 Sent: Wednesday, October 03, 2007 1:31 PM To: ITCENTER@yahoogroups.com Subject: [ITCENTER] Tanya XSS?? ada yang tau masalah XSS ga??kayanya masalahnya di syntax javascript:history.go(-1); tolong yang tau beri penjelasan...ini bikin di php...makasih.. [Non-text portions of this message have been removed] -- www.itcenter.or.id - Komunitas Teknologi Informasi Indonesia Gabung, Keluar, Mode Kirim : [EMAIL PROTECTED] Yahoo! Groups Links * To visit your group on the web, go to: http://groups.yahoo.com/group/ITCENTER/ * Your email settings: Individual Email | Traditional * To change settings online go to: http://groups.yahoo.com/group/ITCENTER/join (Yahoo! ID required) * To change settings via email: mailto:[EMAIL PROTECTED] mailto:[EMAIL PROTECTED] * To unsubscribe from this group, send an email to: [EMAIL PROTECTED] * Your use of Yahoo! Groups is subject to: http://docs.yahoo.com/info/terms/
Re: [ITCENTER] Tanya XSS??
Aduh nanya nya ngga jelas gini.. XSS itu Cross Site Scripting, adalah suatu upaya memasukan code (html,javascript,dll) kedalam suatu web site dan dijalankan melalui browser di client. Lebih jelasnya baca ini: http://daunsalam.net/artikel/codeinjection.htm - - - - - - - - - - - - - - - - - Acho Learns to Write - - - - - - - - - - - - - - - - - http://muhadkly.net - Original Message - From: gofurbrente01 To: ITCENTER@yahoogroups.com Sent: Wednesday, October 03, 2007 1:31 PM Subject: [ITCENTER] Tanya XSS?? ada yang tau masalah XSS ga??kayanya masalahnya di syntax javascript:history.go(-1); tolong yang tau beri penjelasan...ini bikin di php...makasih.. -- www.itcenter.or.id - Komunitas Teknologi Informasi Indonesia Gabung, Keluar, Mode Kirim : [EMAIL PROTECTED] Yahoo! Groups Links * To visit your group on the web, go to: http://groups.yahoo.com/group/ITCENTER/ * Your email settings: Individual Email | Traditional * To change settings online go to: http://groups.yahoo.com/group/ITCENTER/join (Yahoo! ID required) * To change settings via email: mailto:[EMAIL PROTECTED] mailto:[EMAIL PROTECTED] * To unsubscribe from this group, send an email to: [EMAIL PROTECTED] * Your use of Yahoo! Groups is subject to: http://docs.yahoo.com/info/terms/
Re[2]: [ITCENTER] Tanya XSS??
Hello Acho, Wednesday, October 3, 2007, 6:43:03 PM, you wrote: Aduh nanya nya ngga jelas gini.. XSS itu Cross Site Scripting, adalah suatu upaya memasukan code (html,javascript,dll) kedalam suatu web site dan dijalankan melalui browser di client. Lebih jelasnya baca ini: http://daunsalam.net/artikel/codeinjection.htm - - - - - - - - - - - - - - - - - Acho Learns to Write - - - - - - - - - - - - - - - - - http://muhadkly.net maksudnya mungkin CSS kali pak :D --- www.oprekpc.com/forum/ www.warungplus.com --- Best regards, Pangon YM: [EMAIL PROTECTED] my ebook collection: mailto:[EMAIL PROTECTED] -- www.itcenter.or.id - Komunitas Teknologi Informasi Indonesia Gabung, Keluar, Mode Kirim : [EMAIL PROTECTED] Yahoo! Groups Links * To visit your group on the web, go to: http://groups.yahoo.com/group/ITCENTER/ * Your email settings: Individual Email | Traditional * To change settings online go to: http://groups.yahoo.com/group/ITCENTER/join (Yahoo! ID required) * To change settings via email: mailto:[EMAIL PROTECTED] mailto:[EMAIL PROTECTED] * To unsubscribe from this group, send an email to: [EMAIL PROTECTED] * Your use of Yahoo! Groups is subject to: http://docs.yahoo.com/info/terms/