If this is the value directly from the cookie, it's an example of a
cross-site scripting (XSS) vulnerability.
header("Location: $HTTP_REFERER");
This is an HTTP response splitting vulnerability, because the Referer
header (like the Cookie header) is provided by the client. Future
versions
An interesting question in this case is how to do an injection using
cookies; injection attacks are generally performed using POST/GET data,
as they can be inserted into a link on another page. Getting a working
exploit would probably come down to how the browser implemented the
cookie security;
Which someone could do this, is another question I have. The user? He'd do
something to his own computer, no?
Gerry
On 3/14/06, tedd [EMAIL PROTECTED] wrote:
Hi:
I've been using a php style switcher allowing users to change css.
The code follows:
Within the head tags.
link
tedd wrote:
<link rel="stylesheet" type="text/css" media="screen" href="<?php
echo (!$thestyle)?'style1':$thestyle ?>.css">
It's not entirely clear from this example, but am I correct in assuming
that $thestyle is the same as $_COOKIE['thestyle'] in this case? In
other words, are you relying on