Hey all,

You may have seen my earlier message about a current client whose site I've taken over maintenance on that is trying to get PCI Compliance from Security Metrics. I've put all the forms behind https and a couple of other things, but this one I don't know how to solve. I'll read up on cross site scripting, but could someone help me understand what they believe the vulnerability is in their notes below?

Thanks,
Skip

Possible cross site scripting on http://www.ranghart.com/index.php

Use the following commands to verify this:

wp --inject "http://www.ranghart.com/index.php?action=searchkw=SEARCH%22%3E%3Cscript%3Ealert%28123%29%3C%

TCP http/https 4

curl -L "http://www.ranghart.com/index.php?action=searchkw=SEARCH%22%3E%3Cscript%3Ealert%28123%29%3C%
grep "123"

This website may have other injection related vulnerabilities.

--
====================================
Skip Evans
Big Sky Penguin, LLC
503 S Baldwin St, #1
Madison WI 53703
608.250.2720
http://bigskypenguin.com
------------------------------------
Those of you who believe in
telekinesis, raise my hand.
 -- Kurt Vonnegut

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
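
What the scanner's note is checking, as an added example that is not part of the original message and not the site's real code: it assumes the kw value in the report's URL is a search keyword that index.php writes back into the page, and the two render functions and the form markup are hypothetical. The first function copies the value into the HTML unescaped, which is the behaviour the scanner flags as possible cross site scripting; the second encodes it at output with htmlspecialchars().

```php
<?php
// Added example: hypothetical search form, not the site's real code.

// Vulnerable pattern: the request value is copied into the page unescaped,
// so a quote and angle bracket in it end the attribute and start new markup.
function render_search_unsafe(string $kw): string
{
    return '<input type="text" name="kw" value="' . $kw . '">';
}

// Hardened pattern: encode for the HTML context at the point of output.
// ENT_QUOTES covers both quote styles; the charset must match the page's.
function render_search_safe(string $kw): string
{
    $escaped = htmlspecialchars($kw, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    return '<input type="text" name="kw" value="' . $escaped . '">';
}

// The scanner's question: did the injected markup come back unencoded?
function reflects_raw_markup(string $html, string $probe): bool
{
    return strpos($html, $probe) !== false;
}

// The kw value as far as it is visible in the report; the report cuts the
// URL off after "%3C", so only that visible part is decoded here.
$kw = urldecode('SEARCH%22%3E%3Cscript%3Ealert%28123%29%3C');

// Marker for "broke out of the attribute and opened a tag".
$probe = '"><script>';

$renderers = [
    'unsafe' => 'render_search_unsafe',
    'safe'   => 'render_search_safe',
];

foreach ($renderers as $label => $fn) {
    $html = $fn($kw);
    $raw  = reflects_raw_markup($html, $probe) ? 'yes' : 'no';
    printf("%-6s raw markup reflected: %s\n       %s\n", $label, $raw, $html);
}
```

The report's grep "123" matches both outputs, since the digits survive encoding; what decides the finding is whether the quote and angle brackets come back unencoded.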
