Posted by Beauregard T. Shagnasty on 11/22/07 18:49
Jonathan N. Little wrote:
> Beauregard T. Shagnasty wrote:
>> BootNic wrote:
>>
>>> "Beauregard T. Shagnasty" wrote:
>>>> <form id="frmcontact" method="post" action="<?php echo
>>>> $_SERVER['PHP_SELF']?>">
>>> $_SERVER['SCRIPT_NAME'] would be a better option over $_SERVER['PHP_SELF']
>>
>> I see they return identical results. Is there a reason you think
>> SCRIPT_NAME is better? I'm willing to listen, though I've been using
>> PHP_SELF for many years.
>>
>> http://us3.php.net/reserved.variables
>>
>> 'PHP_SELF'
>> The filename of the currently executing script, relative to the document
>> root. For instance, $_SERVER['PHP_SELF'] in a script at the address
>> http://example.com/test.php/foo.bar would be /test.php/foo.bar. The
>> __FILE__ constant contains the full path and filename of the current
>> (i.e. included) file.
>>
>> 'SCRIPT_NAME'
>> Contains the current script's path. This is useful for pages which need
>> to point to themselves. The __FILE__ constant contains the full path and
>> filename of the current (i.e. included) file.
>>
>
> http://www.google.com/search?hl=en&sa=X&oi=spell&resnum=0&ct=result&cd=1&q=PHP_SELF+xss+vulnerability&spell=1
> PHP_SELF xss vulnerability - Google Search

Most of the remarks there seem to refer to WordPress. Is that the only
place the vulnerability exists?
One page said to append: /"><script>alert(1)</script>
to your URL. "If you receive a JavaScript popup your template is
vulnerable to this attack." None of my sites return a popup. Should I
worry? (No WordPress in use.)
--
-bts
-Motorcycles defy gravity; cars just suck
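
Added example, not part of the thread or any poster's code: the form tag quoted above rendered three ways for one constructed request, showing that PHP_SELF carries the trailing path text from the URL while SCRIPT_NAME does not. The script name contact.php, the function names and the sample $server values are assumptions made for this illustration.

```php
<?php
// Constructed request: /contact.php/"><script>alert(1)</script>
// Sample values built by hand for this example (not captured from a server),
// as PHP would report them when the web server passes trailing path info.
$server = [
    'SCRIPT_NAME' => '/contact.php',
    'PHP_SELF'    => '/contact.php/"><script>alert(1)</script>',
];

// Pattern from the quoted form: PHP_SELF echoed raw into the action attribute.
function form_unsafe(array $server): string
{
    return '<form id="frmcontact" method="post" action="' . $server['PHP_SELF'] . '">';
}

// Option 1: keep PHP_SELF, but escape it for an HTML attribute context.
function form_escaped(array $server): string
{
    $action = htmlspecialchars($server['PHP_SELF'], ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    return '<form id="frmcontact" method="post" action="' . $action . '">';
}

// Option 2: use SCRIPT_NAME, which stops at the script itself; escape it anyway.
function form_script_name(array $server): string
{
    $action = htmlspecialchars($server['SCRIPT_NAME'], ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    return '<form id="frmcontact" method="post" action="' . $action . '">';
}

// True when request text survived as live markup outside the attribute.
function breaks_out(string $html): bool
{
    return stripos($html, '<script') !== false;
}

$variants = [
    'raw PHP_SELF'     => form_unsafe($server),
    'escaped PHP_SELF' => form_escaped($server),
    'SCRIPT_NAME'      => form_script_name($server),
];

foreach ($variants as $label => $html) {
    printf("%-17s breaks out: %-3s %s\n", $label, breaks_out($html) ? 'yes' : 'no', $html);
}
```

Run with `php` on the command line; only the raw PHP_SELF variant closes the attribute early and leaves a script tag in the page.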