XSS Hole in PHP_SELF

This is a discussion on "XSS Hole in PHP_SELF" within the Java, JSP, Cold Fusion section. This forum, and the thread "XSS Hole in PHP_SELF", are both part of the Program Your Website category.

Mar 24th, 2008, 17:23 #1 (Junior Member, UK)
XSS Hole in PHP_SELF

It was brought to my attention recently by a reader of the blog that there was a vulnerability in one of my posts (the email sending script). I dismissed it because PHP_SELF is a server variable, but then he confirmed it with a proof of concept.

I think you as programmers should have a look at this. It escaped me, and before coming into web design I was in security, so I should have come across it!

http://blog.pryde-design.co.uk/2008/...e-in-php_self/

Andrew

Disclaimer: I am posting this as a contribution to the forum, which I would like to think is a good one, so please don't remove it just because it's posted on my blog. I have spoken to jackfranklin about my methods already.
prydie
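The pattern behind the hole the post refers to, as an added example that is not code from the original post or from the linked blog: a form whose action attribute is built from PHP_SELF. On common Apache/mod_php setups PHP_SELF is SCRIPT_NAME plus any trailing PATH_INFO the client appended, so it is partly request-controlled even though it lives in $_SERVER. The script path and the sample $server array below are constructed for illustration; the vulnerable function is shown beside two hardened forms.

```php
<?php
// Added example (not the post's or the blog's code). Demonstrates why echoing
// $_SERVER['PHP_SELF'] unescaped is an XSS sink and how to close it.

// VULNERABLE: the raw value of PHP_SELF is written straight into the markup.
// Because PHP_SELF can carry client-supplied PATH_INFO, anything after the
// script name lands in the HTML without escaping.
function form_action_unsafe(array $server): string
{
    return '<form method="post" action="' . $server['PHP_SELF'] . '">';
}

// HARDENED: escape for the HTML attribute context before output.
// ENT_QUOTES covers both quote styles, which matters inside an attribute.
function form_action_safe(array $server): string
{
    $action = htmlspecialchars($server['PHP_SELF'], ENT_QUOTES, 'UTF-8');
    return '<form method="post" action="' . $action . '">';
}

// ALTERNATIVE: avoid reflecting the request path at all. SCRIPT_NAME is the
// server-resolved script path without PATH_INFO; it is still escaped as a
// matter of habit, since every value written into HTML should be.
function form_action_script_name(array $server): string
{
    $action = htmlspecialchars($server['SCRIPT_NAME'], ENT_QUOTES, 'UTF-8');
    return '<form method="post" action="' . $action . '">';
}

// Constructed sample request: a harmless marker tag has been appended as
// extra path info after the script name (the kind of input the reader's
// proof of concept would have supplied, with a benign payload here).
$sample = [
    'SCRIPT_NAME' => '/contact.php',
    'PHP_SELF'    => '/contact.php/"><b>marker</b>',
];

echo form_action_unsafe($sample), "\n";       // attribute is closed early; <b> becomes real markup
echo form_action_safe($sample), "\n";         // quote and angle brackets arrive as entities
echo form_action_script_name($sample), "\n";  // only the resolved script path is emitted
```

The fix is purely an output-encoding one: the value is safe to compare or log as a string, it is only unsafe the moment it is concatenated into HTML. The same applies to any other $_SERVER entry that echoes request data, such as REQUEST_URI or QUERY_STRING.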
Mar 24th, 2008, 17:40 #2 (Section Manager - WOTM, Assistant Editor - LZ; Cornwall, England)
Re: XSS Hole in PHP_SELF

Hi Andrew,

The way you have posted this is fine. Thank you.

And good post as well. I read it earlier.
Jack Franklin
Mar 24th, 2008, 17:47 #3 (Junior Member, UK)
Re: XSS Hole in PHP_SELF

Thank you for both the endorsement of the post here and the post on the blog; it means a lot to have your support in this, especially as we have disagreed in the past.
prydie