On Friday 27 April 2007 14:26, Cristian Rodriguez R. wrote:
> John D Lamb wrote:
> > <form method="post" action="<?php echo $_SERVER['PHP_SELF']; ?>">
>
> Sure, and then you get a free security hole.
>
> It should say:
>
> <form method="post" action="<?php echo $_SERVER['SCRIPT_NAME']; ?>">
>
> or in case you **really** want to use PHP_SELF
>
> <form method="post" action="<?php echo
> htmlspecialchars($_SERVER['PHP_SELF']); ?>">


If that's true, then anyone could just grab the HTML, change the 
SCRIPT_NAME back to PHP_SELF, edit or add an action= attribute so the 
original server's URL is targeted and that server is rendered 
vulnerable again.

So again I ask, is PHP really this insecure? Are all the phpBB sites, 
all the MediaWikis (including Wikipedia) vulnerable to such a trivial 
exploit?

I hope not...


Randall Schulz
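
What separates the three form tags quoted above, as an added example that is not part of the original thread: under Apache-style path handling, `PHP_SELF` is the script path plus any extra path info taken from the request URL, while `SCRIPT_NAME` is the script path alone. The helper names and the request path are constructed for illustration, and `simulate_server()` only models how those two `$_SERVER` entries are derived.

```php
<?php
// Added example. The request path below is constructed sample input.

/** Model the two $_SERVER entries for a request to $script with trailing path info. */
function simulate_server(string $script, string $rawPathInfo): array
{
    // The path is URL-decoded before PHP exposes it in $_SERVER.
    $pathInfo = rawurldecode($rawPathInfo);
    return [
        'SCRIPT_NAME' => $script,              // script path only
        'PHP_SELF'    => $script . $pathInfo,  // script path + client-supplied path info
    ];
}

/** Render the form tag exactly as the templates in the thread do. */
function form_tag(string $action): string
{
    return '<form method="post" action="' . $action . '">';
}

/** True if the output contains any element besides the single <form> tag. */
function injects_markup(string $html): bool
{
    return preg_match_all('/<[a-z]/i', $html) > 1;
}

// Constructed request: /form.php followed by URL-encoded `"><b>injected</b>`.
$server = simulate_server('/form.php', '/%22%3E%3Cb%3Einjected%3C/b%3E');

$variants = [
    'PHP_SELF, unescaped' => form_tag($server['PHP_SELF']),
    'SCRIPT_NAME'         => form_tag($server['SCRIPT_NAME']),
    'PHP_SELF, escaped'   => form_tag(
        htmlspecialchars($server['PHP_SELF'], ENT_QUOTES, 'UTF-8')
    ),
];

foreach ($variants as $label => $html) {
    printf(
        "%-20s markup injected: %-3s %s\n",
        $label,
        injects_markup($html) ? 'yes' : 'no',
        $html
    );
}
```

Only the unescaped `PHP_SELF` variant lets the path info close the `action` attribute and add an element; the escaping happens on the server, on the value the request supplied.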