Re: $_SERVER['SCRIPT_NAME'] versus $_SERVER['PHP_SELF'] (or other?)

Posted by Jim Carlock on 02/27/06 19:46

"Chuck Anderson" <websiteaddress@seemy.sig> wrote:
> I'm just trying to follow this discussion, so I tried the examples to
> see what happens
>
> When I re-create the example at:
> http://blog.phpdoc.info/archives/13-XSS-Woes.html

Hi, Chuck,

I provided the link as an explanation of the problem rather than
trying those items out. I did notice that the same typed URI that Colin
McKinnon suggested to test things was found on that page.

Colin McKinnon's sample works for me.

(1) Page named test.php containing:

<?php phpinfo(); ?>

(2) Then type into the address-bar:

http://localhost/test.php/%22%3E%3Cscript%3Ealert('hacked')%3C/script%3E%3Cblahblah

That specific example requires a browser with JavaScript enabled.

(1) I tested the following code with Internet Explorer, saved as file
named test.php.

<html>
<head>
<title>Testing Server Variables</title>
</head>
<body><p><a href="#<?php echo($_SERVER['SERVER_NAME']); ?>">Hold your mouse over this link</a></p>
<p><?php echo($_SERVER['PHP_SELF']); ?></p></body></html>

(2) Then typed the following into the address bar of Internet Explorer:

http://localhost/test.php/%22%3E%3Cimg%20src=http://www.perl.com/images/75-logo.jpg%3E%3Cblah

It presented the following HTML encoding, properly rendering the
display of the picture:

<html>
<head>
<title>Testing Server Variables</title>
</head>
<body><p><a href="#127.0.0.1">Hold your mouse over this link</a></p>
<p>/test.php/\"><img src=http://www.perl.com/images/75-logo.jpg><blah></p></body></html>

When moving the mouse over the line that says,

"Hold your mouse over this link".

Take notice of what the browser puts in your statusbar while hovering
over the link.

I tested the problems on two different servers,

(1) is a server running PHP on Apache on Windows XP Pro.
(2) I see the problem on the Unix server running Apache and
PHP.

Both servers are running older versions of Apache (1.3) and
PHP (4.4.1). So perhaps it only applies to older versions of
PHP?

Just curious, which versions of PHP are you testing this on?

Jim Carlock
Post replies to the group.
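
The behaviour described in the post above, next to two hardened forms, as an added example that is not part of the original thread. The helper names (simulate_server, h, render_*) are hypothetical, and the $_SERVER values are constructed by hand from the img URL quoted in the post so the script runs from the command line without a web server.

```php
<?php
// Added example, not code from the thread. The $_SERVER array is built by
// hand (constructed input) to mimic the img request quoted in the post.
function simulate_server(string $script, string $pathInfo): array
{
    return [
        'SCRIPT_NAME' => $script,              // path of the script only
        'PATH_INFO'   => $pathInfo,            // whatever followed the script
        'PHP_SELF'    => $script . $pathInfo,  // script path plus path info
    ];
}

// Escape a value for HTML text or a quoted attribute.
function h(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES, 'UTF-8');
}

// What the test page in the post does: request data goes out unescaped.
function render_raw(array $server): string
{
    return '<p>' . $server['PHP_SELF'] . '</p>';
}

// Hardened variant 1: SCRIPT_NAME carries no path info; still escape it.
function render_script_name(array $server): string
{
    return '<p>' . h($server['SCRIPT_NAME']) . '</p>';
}

// Hardened variant 2: keep PHP_SELF but escape it on output.
function render_escaped_self(array $server): string
{
    return '<p>' . h($server['PHP_SELF']) . '</p>';
}

$server = simulate_server(
    '/test.php',
    '/"><img src=http://www.perl.com/images/75-logo.jpg><blah'
);

foreach (['render_raw', 'render_script_name', 'render_escaped_self'] as $fn) {
    $html = $fn($server);
    // A literal "<img" in the output means the browser would parse a tag.
    $injected = strpos($html, '<img') !== false ? 'markup injected' : 'inert';
    printf("%-20s %-15s %s\n", $fn, $injected, $html);
}
```

Only render_raw reports "markup injected"; the SCRIPT_NAME variant drops the trailing path entirely, and the escaped PHP_SELF variant emits it as entity-encoded text.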
