ApEx:XSS

From OWASP
Revision as of 15:32, 21 November 2008 by Mjk303 (Talk | contribs)


WIP 21/11/2008

Overview

Example

Create a form on a table of type “Form on a Table with Report”. Run the report and create a row whose VARCHAR2 column contains this data:

When you press Create and the page branches back to the report, the stored value is written into the report page unescaped, so the JavaScript runs in the browser of any user who views the report (a stored cross-site scripting vulnerability).


Solution

Escape output: convert HTML metacharacters to their entity equivalents so the browser renders them as literal text instead of parsing them as markup.

In PL/SQL, use the function HTF.escape_sc for this. Read about safe items in the User’s Guide.
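The following PL/SQL is an added example and not code from the original page or from Oracle: it shows the region source of a "PL/SQL Dynamic Content" region that lists rows from a table, first writing the column verbatim (the vulnerable pattern the example above triggers) and then wrapped in HTF.escape_sc. The table DEMO_NOTES, its columns and the stored payload are assumed for illustration.

```sql
-- Added example, not from the original page. Assumed schema and constructed
-- test data (the payload is the kind of value the report example above stores):
--
--   CREATE TABLE demo_notes (id NUMBER, note_text VARCHAR2(4000));
--   INSERT INTO demo_notes VALUES (1, '<script>alert(''XSS'')</script>');

-- Region body 1 (vulnerable): the VARCHAR2 value is concatenated straight
-- into the page, so the stored <script> tag is parsed and executed.
BEGIN
  htp.p('<ul>');
  FOR r IN (SELECT note_text FROM demo_notes ORDER BY id) LOOP
    htp.p('<li>' || r.note_text || '</li>');
  END LOOP;
  htp.p('</ul>');
END;

-- Region body 2 (fixed): HTF.escape_sc replaces & < > " with
-- &amp; &lt; &gt; &quot; so the same row is displayed as literal text:
--   <li>&lt;script&gt;alert('XSS')&lt;/script&gt;</li>
BEGIN
  htp.p('<ul>');
  FOR r IN (SELECT note_text FROM demo_notes ORDER BY id) LOOP
    htp.p('<li>' || htf.escape_sc(r.note_text) || '</li>');
  END LOOP;
  htp.p('</ul>');
END;
```

HTF.escape_sc is an output encoder for HTML text content: apply it at the point where a value is written into the page, not when the row is stored, so the database keeps the original data and every page that displays it escapes it for its own context.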