Posted by Jonathan N. Little on 11/22/07 19:34
Beauregard T. Shagnasty wrote:
> Jonathan N. Little wrote:
>> http://www.google.com/search?hl=en&sa=X&oi=spell&resnum=0&ct=result&cd=1&q=PHP_SELF+xss+vulnerability&spell=1
>> PHP_SELF xss vulnerability - Google Search
>
> Most of the remarks there seem to refer to Wordpress. Is that the only
> place the vulnerability exists?
>
> One page said to append: /"><script>alert(1)</script>
> to your URL. "If you receive a JavaScript popup your template is
> vulnerable to this attack." None of my sites return a popup. Should I
> worry? (No Wordpress in use.)
>
No, it is PHP specific. But it also depends on the server security
settings and magic-quotes. But if you use SCRIPT_NAME you will only get
the script name and not anything trailing as with PHP_SELF. That way if
some other clever bastard finds a way around the escaping of the trailing
bits it would matter because SCRIPT_NAME doesn't parse it...
--
Take care,
Jonathan
-------------------
LITTLE WORKS STUDIO
http://www.LittleWorksStudio.com
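The PHP_SELF versus SCRIPT_NAME difference discussed in this thread, as an added example that is not code from either poster. The $_SERVER values are constructed to mimic the probe URL quoted above (on a server that passes path info, PHP_SELF is SCRIPT_NAME with PATH_INFO appended); the function name buildFormAction is hypothetical.

```php
<?php
// Constructed $_SERVER values for a request to
// /contact.php/"><script>alert(1)</script> (the probe quoted in the thread).
// PATH_INFO is reflected into PHP_SELF but not into SCRIPT_NAME.
$server = [
    'SCRIPT_NAME' => '/contact.php',
    'PATH_INFO'   => '/"><script>alert(1)</script>',
    'PHP_SELF'    => '/contact.php/"><script>alert(1)</script>',
];

// Build a form's action attribute from a server variable, optionally escaped.
function buildFormAction(string $path, bool $escape): string
{
    if ($escape) {
        // ENT_QUOTES turns the double quote into &quot; so the attacker-controlled
        // trailing path can no longer close the action attribute.
        $path = htmlspecialchars($path, ENT_QUOTES, 'UTF-8');
    }
    return '<form method="post" action="' . $path . '">';
}

// Vulnerable: raw PHP_SELF lets the trailing path break out of the attribute.
echo buildFormAction($server['PHP_SELF'], false), "\n";

// Hardened: the same value, escaped before it is echoed into HTML.
echo buildFormAction($server['PHP_SELF'], true), "\n";

// Alternative from the post: SCRIPT_NAME carries only the script path,
// not the trailing bits. Escaping it anyway costs nothing.
echo buildFormAction($server['SCRIPT_NAME'], true), "\n";
```

The first line of output is the form a browser would execute the probe in; the second and third show the attribute kept intact.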