Re: This code using _GET exploitable

On Wed, Mar 11, 2009 at 7:56 AM, Michael A. Peters <mpeters@xxxxxxx> wrote:
> filtered wrote:
>>
>> On Wed, Mar 11, 2009 at 13:44, Jochem Maas <jochem@xxxxxxxxxxxxx> wrote:
>>>
>>> filtered schreef:
>>>>
>>>> Hi,
>>>>
>>>> we have a script containing
>>>>
>>>>  <? echo $_GET['studio'] ?>
>>>
>>> let's say I do:
>>>
>>> example.com/yourscript.php?studio=<script type="text/javascript">alert('I
>>> am an evil haxor');</script>
>>>
>>> excusing the fact that the query is not urlencoded, what happens on your
>>> site
>>> (replace domain and script name to match your site/script)
>>>
>>
>>
>> Ok, but I don't see how this code could be used to attack the local
>> php/web-server
>
> reflected attack.
> Someone puts that as the image source on some website they trick a
> legitimate user into going to (i.e. click here to see the latest Britney Spears
> scandal !!!) - their browser tries to load the image, instead calling your
> page with the XSS attack thus allowing the cracker to read any cookies the
> user has from your domain which can then allow the cracker to impersonate
> the user via session ID.

...this and many other bad things can happen to YOU!
</public-service-announcement>

http://www.cgisecurity.com/xss-faq.html


-- 
// Todd

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
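As an added illustration (not code from anyone in this thread), the one-liner under discussion beside a hardened version, run from the CLI against constructed inputs so the difference is visible without a web server. Function names, the sample inputs and the cookie settings at the end are this example's own assumptions, not something the original script had:

```php
<?php
// Added example, not from the thread: the vulnerable echo next to an
// output-encoded version, exercised against constructed inputs.

// Equivalent of the posted `<? echo $_GET['studio'] ?>`: the parameter
// is reflected into the page verbatim, so any markup in it is rendered.
function render_vulnerable(string $studio): string
{
    return "<p>Studio: " . $studio . "</p>";
}

// Hardened version: encode for the HTML text/attribute context the value
// lands in. ENT_QUOTES also encodes ' and " so the value cannot break out
// of an attribute; ENT_SUBSTITUTE avoids returning an empty string on
// invalid UTF-8; the charset is passed explicitly rather than guessed.
function render_safe(string $studio): string
{
    $safe = htmlspecialchars($studio, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    return "<p>Studio: " . $safe . "</p>";
}

// Constructed inputs: a benign value, the payload Jochem describes, and an
// attribute-breakout variant that targets document.cookie directly.
$inputs = [
    'Abbey Road',
    '<script type="text/javascript">alert("I am an evil haxor");</script>',
    '" onmouseover="alert(document.cookie)',
];

foreach ($inputs as $in) {
    echo "input:      ", $in, PHP_EOL;
    echo "vulnerable: ", render_vulnerable($in), PHP_EOL;
    echo "hardened:   ", render_safe($in), PHP_EOL, PHP_EOL;
}

// The session-theft payoff Michael describes relies on injected script
// being able to read document.cookie. Marking the session cookie HttpOnly
// takes that away (it does not fix the XSS itself, only that one
// consequence). In a real script this goes before session_start(); it is
// skipped here when run from the CLI, where there is no cookie to set.
if (PHP_SAPI !== 'cli') {
    session_set_cookie_params([
        'httponly' => true,
        'secure'   => true,
        'samesite' => 'Lax',
    ]);
    session_start();
}
```

Two caveats worth keeping in mind: htmlspecialchars() is the right encoder only for HTML text and attribute contexts; a value echoed inside a `<script>` block, a URL or a CSS rule needs the encoding for that context instead. And the array form of session_set_cookie_params() used above requires PHP 7.3 or later; on older versions the positional arguments take the same flags.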
