Hey all,
You may have seen my earlier message about a current client
whose site I've taken over maintenance on that is trying to
get PCI Compliance from Security Metrics. I've put all the
forms behind https and a couple of other things, but this one
I don't know how to solve. I'll read up on cross site
scripting, but could someone help me understand what they
believe the vulnerability is in their notes below?
Thanks,
Skip
Possible cross site scripting on http://www.ranghart.com/index.php
Use the following commands to verify this:
wp --inject "http://www.ranghart.com/index.php?action=searchkw=SEARCH%22%3E%3Cscript%3Ealert%28123%29%3C%
TCP http/https 4
curl -L "http://www.ranghart.com/index.php?action=searchkw=SEARCH%22%3E%3Cscript%3Ealert%28123%29%3C%
grep "123"
This website may have other injection related vulnerabilities.
--
====================================
Skip Evans
Big Sky Penguin, LLC
503 S Baldwin St, #1
Madison WI 53703
608.250.2720
http://bigskypenguin.com
------------------------------------
Those of you who believe in
telekinesis, raise my hand.
-- Kurt Vonnegut
--
PHP General Mailing List (http://www.php.net/)
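
Added example, not part of the message above or of the Security Metrics report: the finding says the kw search value is sent back in the page without HTML encoding. The sketch below shows that pattern next to the encoded form. The function names and the input markup are hypothetical, since the site's real code is not shown, and the probe string is constructed in the style of the report.

```php
<?php
// Added example: hypothetical search form, not the code behind the scanned site.

// Vulnerable: the keyword is written into the value attribute as-is, so a
// double quote in it ends the attribute and the rest is parsed as markup.
function render_search_unsafe(string $kw): string
{
    return '<input type="text" name="kw" value="' . $kw . '">';
}

// Hardened: encode for the HTML context at output time. ENT_QUOTES covers
// both quote styles; the charset must match the page's encoding.
function render_search_safe(string $kw): string
{
    $escaped = htmlspecialchars($kw, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    return '<input type="text" name="kw" value="' . $escaped . '">';
}

// The reflection check in its simplest form: does the probe come back verbatim?
function reflects_verbatim(string $html, string $probe): bool
{
    return strpos($html, $probe) !== false;
}

// Constructed probe: a value that closes the attribute and opens a tag.
$probe = 'SEARCH"><script>alert(123)</script>';

$renderers = ['unsafe' => 'render_search_unsafe', 'safe' => 'render_search_safe'];
foreach ($renderers as $name => $fn) {
    $html = $fn($probe);
    $hit  = reflects_verbatim($html, $probe) ? 'yes' : 'no';
    printf("%-6s reflected=%s\n       %s\n", $name, $hit, $html);
}
```

A plain grep for 123 still matches the encoded output, so confirm a fix by checking that the quote and angle brackets come back as entities (&quot;, &lt;, &gt;) rather than by the grep alone.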