
Php Reflected Xss Unsanitized Echo

Description

Detects PHP reflected cross-site scripting (XSS) vulnerabilities where unsanitized user input is echoed directly into the page output. An attacker who can get a victim to open a crafted link or submit a crafted form can thereby inject script that executes in the victim's browser in the context of the vulnerable site.

Weakness:

008 - Reflected cross-site scripting (XSS)

Category: Unexpected Injection

Detection Strategy

    Identifies PHP echo statements in the code

    Checks whether the echo statement's arguments contain potentially dangerous variables or expressions (request data such as $_GET and $_POST, or variables derived from them)

    Reports a vulnerability when echo directly outputs unsanitized/unescaped dynamic content

    Example of vulnerable code: echo $_GET['user_input']
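The detection strategy above, worked through as an added Python example (this is not the rule's own implementation). It scans a constructed PHP snippet assembled from the vulnerable and secure examples on this page, treats the request superglobals as taint sources, follows taint through simple assignments, and accepts only string literals and whole htmlspecialchars()/htmlentities() calls as clean pieces of an echo argument, so a concatenation that mixes an encoded value with a raw one is still reported. The parsing is line-based and deliberately simplified (no multi-line statements, no escaped quotes, trailing // comments dropped naively); a production rule would work on PHP's token stream rather than on regular expressions.

```python
import re

# Superglobals that carry attacker-controlled data (constructed list for this example;
# a real rule would also track function parameters, database rows, etc.).
TAINT_SOURCES = ("$_GET", "$_POST", "$_REQUEST", "$_COOKIE", "$_SERVER")
# Output encoders that make tainted data safe in an HTML body/attribute context.
SANITIZERS = ("htmlspecialchars", "htmlentities")

ASSIGN_RE = re.compile(r"^\s*(\$[A-Za-z_]\w*)\s*=(?!=)\s*(.+?);$")
ECHO_RE = re.compile(r"^\s*echo\s+(.+?);$")
VAR_RE = re.compile(r"\$[A-Za-z_]\w*")


def split_top_level(expr, sep):
    """Split expr on sep, ignoring separators nested in parentheses or quotes."""
    parts, cur, depth, quote = [], [], 0, None
    for ch in expr:
        if quote:
            cur.append(ch)
            if ch == quote:
                quote = None
        elif ch in "'\"":
            quote = ch
            cur.append(ch)
        elif ch == "(":
            depth += 1
            cur.append(ch)
        elif ch == ")":
            depth -= 1
            cur.append(ch)
        elif ch == sep and depth == 0:
            parts.append("".join(cur).strip())
            cur = []
        else:
            cur.append(ch)
    parts.append("".join(cur).strip())
    return parts


def is_sanitizer_call(expr):
    """True only when the whole expression is a single htmlspecialchars()/htmlentities() call."""
    for name in SANITIZERS:
        if expr.startswith(name + "("):
            depth = 0
            for i, ch in enumerate(expr):
                if ch == "(":
                    depth += 1
                elif ch == ")":
                    depth -= 1
                    if depth == 0:
                        return i == len(expr) - 1  # call must span the entire expression
    return False


def is_tainted(expr, tainted_vars):
    """An expression is tainted if any '.'-concatenated piece is a raw taint source or a
    variable known to hold one. String literals and whole sanitizer calls are clean."""
    for piece in split_top_level(expr, "."):
        if not piece or piece[0] in "'\"" or is_sanitizer_call(piece):
            continue
        if any(src in piece for src in TAINT_SOURCES):
            return True
        if any(v in tainted_vars for v in VAR_RE.findall(piece)):
            return True
    return False


def scan(source):
    """Return [(line_number, echo_argument)] for every echo argument carrying unescaped taint."""
    findings, tainted = [], set()
    for lineno, raw in enumerate(source.splitlines(), 1):
        line = raw.split("//", 1)[0].strip()  # simplification: drop trailing // comments
        m = ASSIGN_RE.match(line)
        if m:
            var, rhs = m.group(1), m.group(2)
            if is_tainted(rhs, tainted):
                tainted.add(var)      # taint flows through the assignment
            else:
                tainted.discard(var)  # a clean reassignment clears the taint
            continue
        m = ECHO_RE.match(line)
        if m:
            for arg in split_top_level(m.group(1), ","):
                if is_tainted(arg, tainted):
                    findings.append((lineno, arg))
    return findings


# Constructed sample: the page's vulnerable and secure snippets plus a few mixed cases.
SAMPLE_PHP = """<?php
$user_input = $_GET['userInput'];
echo $user_input;
echo $_POST['userInput'];
$sanitized_input = htmlspecialchars($user_input, ENT_QUOTES, 'UTF-8');
echo $sanitized_input;
echo htmlspecialchars($user_input) . $_COOKIE['session'];
echo "Hello, " . htmlspecialchars($user_input, ENT_QUOTES, 'UTF-8');
echo 'Welcome ' . $user_input, '<br>';
$user_input = 'constant';
echo $user_input;
"""

if __name__ == "__main__":
    for lineno, arg in scan(SAMPLE_PHP):
        print(f"line {lineno}: unescaped output of tainted expression: {arg}")
```

Lines 3, 4, 7 and 9 of the sample are reported; line 6 (the page's secure example), line 8 (a literal concatenated with a fully encoded value) and line 11 (the variable reassigned to a constant) are not. Note that htmlspecialchars() is only the right encoder for an HTML body or attribute context; output placed inside a script block or a URL needs context-specific encoding that this rule does not check.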

Vulnerable code example

<?php
$user_input = $_GET['userInput'];  // Dangerous: Directly getting user input from GET parameter

// Vulnerable: Directly echoing unescaped user input allows XSS
echo $user_input;
echo $_POST['userInput'];  // Vulnerable: Direct output of POST data without sanitization

// Multiple vulnerable outputs in one line...

✅ Secure code example

<?php
// Get user input but encode it before output
$user_input = $_GET['userInput'];  // Store raw input for processing
// HTML-encode for safe output; ENT_QUOTES also encodes single quotes so the value is safe inside attribute values
$sanitized_input = htmlspecialchars($user_input, ENT_QUOTES, 'UTF-8');

// Safe: output is HTML-encoded, so injected markup is rendered as text rather than interpreted
echo $sanitized_input;
...