Skip to content. | Skip to navigation

Sections

Personal tools

You are here: Home → wikidblog → Potential XSS in PHP Sample page

Recent entries: The Express Scripts Bounty admin Nov 14, 2008; Citrix on the need for two-factor authentication admin Nov 12, 2008; PCI expanding to Europe admin Nov 11, 2008; Embedding WiKID two-factor authentication in your Web application admin Nov 06, 2008; 50 Must-Have Open Source Tools for Security admin Oct 30, 2008

Recent comments: Re:Running the WiKID Two-factor authentication server on Ubuntu remix_tj Nov 16, 2008; Re:Embedding WiKID two-factor authentication in your Web application admin Nov 11, 2008; Re:Open source momentum and spending during the recession admin Nov 01, 2008; MTM vulnerable Kris Puri Oct 31, 2008; Re:Running the WiKID Two-factor authentication server on Ubuntu nowen Sep 26, 2008

2008/04/11

Potential XSS in PHP Sample page

It has been brought to our attention by the team at ush.it that the sample.php page in our PHP Network Client has code that could have been exploited via an XSS attack. The sample page is not part of the network client itself, it is just provided as an example of how to add two-factor authentication to PHP applications.

We've touched base with the Enterprise users that we know have used WiKID in their PHP applications. So far, no one has used that code. Rather, they have taken their existing authentication pages and added the WiKID code to bring two-factor authentication into the mix.

More information on the code in question can be found here

Updated: Corrected link.

Category(s): Two Factor Authentication; WiKID

Add comment

You can add a comment by filling out the form below. Plain text formatting. Comments and Trackbacks are moderated.

Author (Required)

EMail (Required)

URL

Title (Required)

Comment (Required)

Remember your information on cookie?

Verification Code

This helps us prevent automated spamming.

Captcha Image

Categories: Security and Economics (80); Two Factor Authentication (134); Authentication Attacks (56); Phishing and Fraud (90); Miscellaneous (92); WiKID (71); Information Security (69); Strong Authentication (24); Open Source (35); Mutual Authentication (40); Transaction Authentication (12); Wireless, cellular, mobile devices (6); PCI (25)

Feeds and Bookmarks: Digg this!; Del.ico.us; Google; Yahoo bookmarks; Reddit; Spurl; Simpy

Start using WiKID today

Recent Changes: Token Clients Nov 18, 2008; Re:Running the WiKID Two-factor authentication server on Ubuntu Nov 16, 2008; The Express Scripts Bounty Nov 14, 2008; Download the WiKID Enterprise Server 3.2.5 RPMs Nov 12, 2008; Citrix on the need for two-factor authentication Nov 12, 2008; All recent changes…

Got Questions? Get Answers.