Skip Evans wrote:
> Hey all,
>
> You may have seen my earlier message about a current client whose site
> I've taken over maintenance on that is trying to get PCI Compliance from
> Security Metrics. I've put all the forms behind https and a couple of
> other things, but this one I don't know how to solve. I'll read up on
> cross site scripting, but could someone help me understand what they
> believe the vulnerability is in their notes below?
>
> Thanks,
> Skip
>
> Possible cross site scripting on http://www.ranghart.com/index.php
>
> Use the following commands to verify this:
> wp --inject
> "http://www.ranghart.com/index.php?action=searchkw=SEARCH%22%3E%3Cscript%3Ealert%28123%29%3C%
>
> TCP http/https 4
> curl -L
> "http://www.ranghart.com/index.php?action=searchkw=SEARCH%22%3E%3Cscript%3Ealert%28123%29%3C%
> grep "123"
>
> This website may have other injection related vulnerabilities.

Well, their example is not correct, try:

http://www.ranghart.com/index.php?action=search&kw=SEARCH%3Cscript%3Ealert%28"Im doing some nasty JavaScipt hacking here!"%29%3B%3C%2Fscript%3E

in a browser.

This means that you're not validating/sanitizing input. You can't just
take the contents of a $_GET, $_POST, etc. (any user input) variable and
echo it out.

--
Thanks!
-Shawn
http://www.spidean.com

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
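As an added illustration of the reflected-search pattern Shawn describes (example code, not the site's own code or anything posted in the thread), assume a hypothetical search page that echoes its `kw` query parameter back into the page. The raw echo is shown beside the output-encoded version that fixes it:

```php
<?php
// Added example. Hypothetical search page that reflects the "kw" query
// parameter into HTML; function names and the sample input are assumed.

// Vulnerable: user input is copied straight into the markup, so a quote,
// an angle bracket or a <script> tag in kw becomes part of the document.
function renderSearchHeadingUnsafe(string $kw): string
{
    return "<h2>Results for: " . $kw . "</h2>";
}

// Fixed: encode for the HTML context at the point of output. ENT_QUOTES
// also encodes single quotes (needed inside attribute values), and the
// charset is given explicitly so it does not depend on php.ini defaults.
function renderSearchHeadingSafe(string $kw): string
{
    return "<h2>Results for: "
        . htmlspecialchars($kw, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8')
        . "</h2>";
}

// Constructed sample of the kind of value the scanner sends: a closing
// quote followed by a script tag. In a real page this would be $_GET['kw'].
$kw = 'SEARCH"><script>alert(123)</script>';

// Unsafe output contains a live <script> element.
echo renderSearchHeadingUnsafe($kw), PHP_EOL;

// Safe output shows the same characters as inert text:
// <h2>Results for: SEARCH&quot;&gt;&lt;script&gt;alert(123)&lt;/script&gt;</h2>
echo renderSearchHeadingSafe($kw), PHP_EOL;
```

htmlspecialchars() is the right encoder only for the HTML body and attribute contexts; a value placed inside a JavaScript block, a URL or a CSS rule needs the encoding appropriate to that context instead.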