On Tue, Jan 20, 2004 at 12:52:47PM +0800, Ganesan Kanavathy wrote: > On the main page I have two text box for username and password. If > unsuccessful login it will display bellows url on the address bar. > > https://192.168.1.90/index.php?errorMSG=<font%20color=red>Invalid%20Login%20 > or%20Password</font><br> > > My question is, will it be possible for someone to execute any codes via the > exposed variable errorMSG variable, like > > https://192.168.1.90/index.php?errorMSG=phpinfo()
First look, I am sure this is vulnerable to cross-site scripting. Why are you passing HTML in your errorMSG variable? If you want separate formatting for different errors, then use an array for all messages and pass an index into that array. I will not rule out code execution too. Binand -- Linux - It is now safe to power ON your computer. ------------------------------------------------------- The SF.Net email is sponsored by EclipseCon 2004 Premiere Conference on Open Tools Development and Integration See the breadth of Eclipse activity. February 3-5 in Anaheim, CA. http://www.eclipsecon.org/osdn _______________________________________________ linux-india-help mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/linux-india-help
