Re: $_SERVER['SCRIPT_NAME'] versus $_SERVER['PHP_SELF'] (or other?) — PHP Programming Language

You are here: Re: $_SERVER['SCRIPT_NAME'] versus $_SERVER['PHP_SELF'] (or other?) « PHP Programming Language « IT news, forums, messages

Posted by Jim Carlock on 02/26/06 19:27

"Jim Carlock" asked:
> Is there something that can be done to prevent that sort of thing?

I've got a better feel for the problem with PHP_SELF and XSS
attacks. I initially misread your statement and while the Mozilla
browser displayed nothing (javascript turned off), Microsoft's
Internet Explorer showed the problem.

I found a great link describing the $_SERVER['PHP_SELF'],
http://blog.phpdoc.info/archives/13-XSS-Woes.html, which
definitely doesn't seem limited to that variable, but also to the
other items:

phpinfo()
$_SERVER['PHP_SELF']
$_SERVER['PHP_INFO']

Some digging into: +PHP "XSS attack" turned up all sorts of things,
including the link above, which in turn led to this link, which describes
vulnerabilities of $_SERVER['SERVER_NAME'] ...
http://www-128.ibm.com/developerworks/blogs/dw_blog_comments.jspa?blog=481&entry=75480

<html>
<head>
<title>Testing Server Variables</title>
</head>
<body><a href="#<?php echo($_SERVER['SERVER_NAME']); ?>">Hold your mouse over this link</a>
<?php echo($_SERVER['PHP_SELF']); ?></body></html>

The above encoding turns up some really odd behaviors.

Holding the mouse over that link results in...

http://localhost/test.php/%22%3E%3Cimg%20src=http://www.perl.com/images/75-logo.jpg%3E%3Cblah#70.124.31.73

While clicking on the source code itself presents the following
(Internet Explorer, click on View, click on Source):

<html>
<head>
<title>Testing Server Variables</title>
</head>
<body><a href="#70.124.31.73">Hold your mouse over this link</a>
/test.php/\"><img src=http://www.perl.com/images/75-logo.jpg><blah</body></html>

Thanks for bringing up "XSS attack" inside of PHP. I'm not quite
sure what the above completely represents, but it appears that
possibly the http headers were compromised as well, showing
a vulnerability with $_SERVER['SERVER_NAME'].

Anyone else here that knows what's going on there and any
suggestions are greatly appreciated.

Jim Carlock
Post replies to the group.

Navigation:

Next in forum: Re: error levels
Prev in forum: Re: Change user for fopen
Thread view: Re: $_SERVER['SCRIPT_NAME'] versus $_SERVER['PHP_SELF'] (or other?)

[Reply to this message]

Удаленная работа для программистов • Как заработать на Google AdSense • England, UK • статьи на английском • PHP MySQL CMS Apache Oscommerce • Online Business Knowledge Base • DVD MP3 AVI MP4 players codecs conversion help

Home • Search • Site Map • Set as Homepage • Add to Favourites

Сайт изготовлен в Студии Валентина Петручека —
изготовление и поддержка веб-сайтов, разработка программного обеспечения, поисковая оптимизация