Re: This code using _GET exploitable

Please include the list when replying unless you're looking to hire me!

2009/3/11 filtered <zopyxfilter@xxxxxxxxxxxxxx>

> On Wed, Mar 11, 2009 at 13:41, Stuart <stuttle@xxxxxxxxx> wrote:
> > 2009/3/11 filtered <zopyxfilter@xxxxxxxxxxxxxx>
> >
> > $_GET['cam'] looks fine. $_GET['studio'] is not.
> > I could build a URL that would output a javascript tag to do anything I
> > want from the security context of a page on your site. This is not good.
> > Check out http://php.net/htmlentities and associated functions.
>
> More detailed question: is this code prone to attacks on the local
> web/php-server? I agree that it is weak with respect to XSS.


Not on the face of it, but we would need a lot more of your code to decide
that for certain, something which goes way beyond the scope of this list.

But I would ask the question: why does it matter? It's bad, so fix it. If you
really have code like this anywhere in your site, escape it.

Escape stuff coming in and escape stuff going out. There are no exceptions.
Ever.

-Stuart

-- 
http://stut.net/
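As an added illustration of the advice above (this is not code from the thread; the original script was never posted, so the `render_*` helpers, the `e()` wrapper and the integer check on `cam` are assumptions), here is the unescaped echo of `$_GET['studio']` beside the escaped version that the `htmlentities` pointer and the "escape coming in, escape going out" rule lead to:

```php
<?php
// Added example, not code from the mailing-list thread. It assumes the
// original page wrote $_GET['studio'] straight into HTML; the real code
// was never posted, so the function names below are invented.

declare(strict_types=1);

// Vulnerable pattern: a request parameter is written into the page as-is,
// so any markup or <script> element in the query string becomes part of
// the document and runs in the security context of the site.
function render_unsafe(string $studio): string
{
    return "<h1>Studio: $studio</h1>";
}

// "Escape stuff going out": escape at the point of output, for the HTML
// context. ENT_QUOTES also covers single quotes, so the value is safe
// inside quoted attributes; the charset must match the page's encoding,
// and ENT_SUBSTITUTE keeps invalid byte sequences from blanking the output.
function e(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

function render_safe(string $studio): string
{
    return '<h1>Studio: ' . e($studio) . '</h1>';
}

// "Escape stuff coming in": validate the parameter that has a known shape.
// $_GET['cam'] "looks fine" in the thread; here it is assumed to be an
// integer id, so anything else is rejected rather than passed through.
function validate_cam(?string $raw): ?int
{
    $cam = filter_var($raw, FILTER_VALIDATE_INT, ['options' => ['min_range' => 0]]);
    return $cam === false ? null : $cam;
}

// URL context needs URL encoding, and the value must sit inside quotes.
function render_link(int $cam): string
{
    return '<a href="view.php?cam=' . urlencode((string) $cam) . '">cam ' . $cam . '</a>';
}

// Constructed input standing in for a hostile query string.
$hostile = '<script>alert(1)</script>';

echo render_unsafe($hostile), "\n";  // script element lands in the page verbatim
echo render_safe($hostile), "\n";    // &lt;script&gt;... is shown as text

// In the real handler the values come from the request:
// $studio = $_GET['studio'] ?? '';
// $cam    = validate_cam($_GET['cam'] ?? null);
// if ($cam === null) { http_response_code(400); exit; }
// echo render_safe($studio), render_link($cam);
```

Running the script prints the two renderings side by side: the first contains a live script element, the second the same bytes as inert text. The escaping is done at output, per context (`htmlspecialchars` for HTML text and attributes, `urlencode` for a query-string value), while the input check on `cam` narrows the parameter to the type the page actually expects.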
