So, members of my website can post topics, replies, comments, edit them and so on. I always use htmlspecialchars
and addslashes
for html inputs to
There is a lot that can go wrong with a web application. Other than XSS and SQLi, there is:
include()
, require()
...mail()
register_globals
,extract()
, import_request_variables()
fopen()
, file_get_contents()
, file_put_conents()
eval()
or preg_replace()
with /e
passthru()
, exec()
, system()
and ``There is a whole family of vulnerabilities regarding Broken Authentication and Session Management which is apart of the OWASP Top 10 that every web app programmer must read.
A Study In Scarlet is a good black paper that goes over many of these vulnerabilities that I have listed.
However, there are also strange vulnerabilities like this one in Wordpress. The definitive authority on what is a vulnerability is the CWE system which classifies HUNDREDS of vulnerabilities, many of which can affect web applications.