
Ok so I just wanted to know, is this necessarily a XSS vulnerability, as it does not output the results as such?

For example:

<?php
// Only the comparison result is used; the parameter value itself is never output
if (isset($_GET['doRedirect']) && $_GET['doRedirect'] == "yes") {
    // redirect page
} else {
    // don't redirect page
}

then

http://example.com?doRedirect=yes

I have read up on all of the XSS stuff and thought I had a good understanding of it, although now I'm slightly confused. Is XSS only possible if the user input is then output on the page?

Many thanks :)

Asked by Ross; edited by Sebastian Paaske Tørholm

2 Answers


That should be safe.

Cross site scripting can only occur if you actually output something user-generated on your page.

An example of this would be if you took in a user's name as the get parameter name and did the following:

<?php
// Vulnerable: the raw query value is interpolated straight into the HTML response
echo "Hello, {$_GET['name']}. How are you today?";
?>

In this case, if someone set the name parameter to <script>alert('Hello, There!');</script>, they've suddenly got some JavaScript running on a URL hosted on your domain.

Granted, that example is pretty benign, but the fact that they could run that code means they could run any code they wished. They could, for instance, add a script that logged the usernames and passwords of all users that logged in through that URL. Your site would appear genuine, but they would have access to things they shouldn't have.

If you're confused about, or interested in learning more about cross site scripting, take a look at these questions:

Sebastian Paaske Tørholm
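The fix for the greeting above is to escape the user-controlled value for the context it lands in (here, HTML body text) before it is output. The following is an added example, not code from the answer; `e()` and `greeting()` are names chosen here, and the fallback value is a constructed input that mirrors the answer's payload.

```php
<?php
// Added example: the greeting from the answer, with the query value escaped
// for the HTML body context before it is echoed.
declare(strict_types=1);

// Escape a string for insertion into HTML text or a quoted attribute value.
function e(string $value): string
{
    // ENT_QUOTES escapes both ' and "; ENT_SUBSTITUTE replaces invalid UTF-8
    // sequences instead of returning an empty string.
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Same sentence as the vulnerable version, but the name is escaped first.
function greeting(string $name): string
{
    return "Hello, " . e($name) . ". How are you today?";
}

// Constructed input: the answer's example payload, used when no ?name= is given
// (e.g. when this file is run from the command line).
$raw = $_GET['name'] ?? "<script>alert('Hello, There!');</script>";
$name = is_string($raw) ? $raw : '';

// The charset passed to htmlspecialchars() must match the page's declared charset.
header('Content-Type: text/html; charset=UTF-8');
echo greeting($name);
```

With the escaping in place, the `<` and `>` of the payload reach the browser as `&lt;` and `&gt;`, so the tag is rendered as literal text rather than executed. Note that `htmlspecialchars()` is only correct for HTML body and attribute contexts; a value placed inside a `<script>` block, a URL or a CSS rule needs a different encoder.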

Assuming that you only use the doRedirect input parameter in that if statement and nothing else then it is not vulnerable.

If you were to do something like this, then yes it would be vulnerable:

<?php
if($_GET['doRedirect'] == "yes")
{
  //redirect Page
}
else
{
  //dont redirect page

  // Create message to display in the browser
  // Vulnerable: the raw parameter value is embedded in text that will be output
  $messageToUser = 'You selected '.$_GET['doRedirect'].' for your redirection';
}

In this case you should perform validation on the input.

MrEyes
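One way to do the validation the answer calls for is to reduce doRedirect to an allowlist of expected values, so that neither the redirect nor the message ever carries the raw query string. This is an added example rather than the answer's code; `redirectChoice()`, `buildMessage()`, `REDIRECT_CHOICES` and the `/landing.php` target are assumptions made for the illustration.

```php
<?php
// Added example: handle doRedirect with an allowlist so the raw query value
// never reaches the page body or the Location header.
declare(strict_types=1);

// The only values the parameter is allowed to take (assumed for this example).
const REDIRECT_CHOICES = ['yes', 'no'];

// Normalise the raw parameter to one of the allowed literals, or null if it
// is missing or anything else.
function redirectChoice(?string $raw): ?string
{
    if ($raw === null) {
        return null;
    }
    $value = strtolower(trim($raw));
    // Strict comparison: no type juggling against the allowlist entries.
    return in_array($value, REDIRECT_CHOICES, true) ? $value : null;
}

// Build the message for the non-redirect branch from the validated value.
function buildMessage(?string $choice): string
{
    if ($choice === null) {
        // Fixed text only: the rejected input is not echoed back to the user.
        return 'Invalid value for doRedirect; expected yes or no.';
    }
    // $choice is one of the allowlisted literals, but escape anyway so the
    // line stays correct if the allowlist later grows.
    $safe = htmlspecialchars($choice, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    return 'You selected ' . $safe . ' for your redirection';
}

// $_GET values can also be arrays (doRedirect[]=x); treat those as absent.
$raw = $_GET['doRedirect'] ?? null;
$choice = redirectChoice(is_string($raw) ? $raw : null);

if ($choice === 'yes') {
    // Fixed destination (assumed path): the target is not taken from the request.
    header('Location: /landing.php', true, 302);
    exit;
}

header('Content-Type: text/html; charset=UTF-8');
echo buildMessage($choice);
```

Validating to an allowlist is the right tool for a parameter like this one, whose legitimate values are a small fixed set; output escaping is still applied to whatever does get echoed, because the two controls cover different failure modes (unexpected input versus unsafe output context).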