
Check for XSS Exploits

Posted on 6.16.2008

Matt Cutts, the head of Google's Web spam team, mentioned on his weblog today that you might want to check for XSS holes on your website, especially from "freeform text input such as search boxes." Scary, huh? It gets worse. Cutts mentioned that even large sites can have issues with XSS.

From the Cutts post: If you’ve noticed that your rankings in Google seem to be affected, you might consider a few searches on your site to see if anyone has injected spammy or porn content on your site. If your domain was example.com, you might want to run a few queries such as [site:example.com porn] or [site:example.com biaxin] or [site:example.com viagra] to see whether you run across unexpected results.

Cutts made an addition to the post encouraging readers to change their admin password if they update their WordPress installation, as "sometimes hackers are smart enough to save your password and come back even after you've fully patched your system." Sounds like a good idea - for any database-driven site. One commenter on the post referenced a simple little solution called Firewall Script, which I've heard of before. The solution stops SQL injections, XSS, directory traversals and cookie poisoning. The solution sells for $120.00 US.
