Mar 24th, 2008, 17:23
prydie
XSS Hole in PHP_SELF

It was brought to my attention recently by a reader of the blog that there was a vulnerability in one of my posts (the email sending script). I dismissed it because PHP_SELF is a server variable, but then he confirmed it with a proof of concept.

I think you as programmers should have a look at this. It escaped me, and before coming into web design I was in security, so I should have come across it!

http://blog.pryde-design.co.uk/2008/...e-in-php_self/

Andrew

Disclaimer: I am posting this as a contribution to the forum. I would like to think that is a good one, so please don't remove it just because it's posted on my blog. I have spoken to jackfranklin about my methods already.
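The issue named in the post's title, as an added example that is not code from the post or the linked blog: `$_SERVER['PHP_SELF']` includes any extra path the client appends after the script name, so echoing it unescaped into a form's `action` attribute reflects client input. The file name `contact.php`, the function names and the sample request path are assumptions, and the value is constructed so the script runs from the command line.

```php
<?php
// Added example. Under a web server, $_SERVER['PHP_SELF'] is the script
// path plus any trailing path info from the requested URL, so it must be
// treated as client-controlled input even though it lives in $_SERVER.

// Constructed value for a hypothetical /contact.php request; the trailing
// segment is a harmless marker that tries to close the attribute early.
$phpSelf    = '/contact.php/"><b>injected</b>';
// Constructed value: SCRIPT_NAME carries only the script path.
$scriptName = '/contact.php';

// Before: the value is written into the attribute as-is.
function form_unescaped(string $self): string
{
    return '<form method="post" action="' . $self . '">';
}

// After, option 1: HTML-escape at the point of output.
function form_escaped(string $self): string
{
    $safe = htmlspecialchars($self, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    return '<form method="post" action="' . $safe . '">';
}

// After, option 2: use SCRIPT_NAME, which has no trailing path info,
// and still escape it on output.
function form_script_name(string $scriptName): string
{
    return form_escaped($scriptName);
}

echo "unescaped:   ", form_unescaped($phpSelf), PHP_EOL;
echo "escaped:     ", form_escaped($phpSelf), PHP_EOL;
echo "script name: ", form_script_name($scriptName), PHP_EOL;

// Check: the escaped output must not contain the raw marker tag.
$marker = '<b>injected</b>';
var_dump(strpos(form_unescaped($phpSelf), $marker) !== false);
var_dump(strpos(form_escaped($phpSelf), $marker) !== false);
```

In the unescaped output the marker closes the `action` attribute and lands in the page as markup; in the escaped output it stays inside the attribute value as inert text.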