Topic: xss attack

hi,
i have getting xss attack error in nternet explorer.

http://www.xxxx.com/index.php/<script>alert('')</script> getting error in explorer.

<script type="text/javascript" charset="UTF-8">
/* <![CDATA[ */
try { if (undefined == xajax.config) xajax.config = {}; } catch (e) { xajax = {}; xajax.config = {}; };
xajax.config.requestURI = "http://www.xxx.com/index.php/%3Cscript% … /script%3E";
xajax.config.statusMessages = false;
xajax.config.waitCursor = true;
xajax.config.version = "xajax 0.5";
xajax.config.defaultMode = "asynchronous";
xajax.config.defaultMethod = "POST";
xajax.config.JavaScriptURI = "http://www.xxxx.com/";
/* ]]> */
</script>


can anybody help me ? thanks

Re: xss attack

Hi,

The code you have posted is part of the normal xajax client side code and is not related to an xss attack.

It sounds like an IE issue. Look at this:

http://answers.microsoft.com/en-us/ie/f … 71cd56e25b

Ed

If you ever stop learning you may as well dig a hole, crawl in and pull the top over yourself.