phpninja wrote:
Found an XSS hole in testing a few things; you want to fix this before a
full-scale release
http://formbuilder2.esourcehome.com/?module=forms&action=view&ID=%3Cscript%3Ealert(%22sux%20sux%22)%3C/script%3E<script>alert(document.cookie);</script
_Always_ check URLs in your code for valid entries. You don't want
people using SQL injection on a million-dollar database, or loading an
email form on a third party server via their URL injected into your URL
so they can spam 100,000 people as an authenticated user in your domain.
Can one underline, bold, and italicise in a plain text email? If so:
_*/always/*_ check...
Brandon Stout
http://mscis.org
_______________________________________________
UPHPU mailing list
[email protected]
http://uphpu.org/mailman/listinfo/uphpu
IRC: #uphpu on irc.freenode.net
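As an added example (not code from the original thread, from phpninja, or from formbuilder2), here is the kind of check Brandon is describing, written in PHP: a request handler for the ?module=forms&action=view&ID= URL from the report that whitelists module and action, validates ID as a positive integer, passes it to the database through a prepared statement, and HTML-escapes anything it echoes back. The vulnerable handler is shown beside it for contrast. The table name forms, its columns, and the in-memory SQLite database are assumptions made so the example runs stand-alone; they are not from formbuilder2.

```php
<?php
// Added example, not code from the original thread or from formbuilder2.
// Assumptions: a `forms` table with columns id/title, and an in-memory
// SQLite database so the file runs on its own (php this_file.php).
declare(strict_types=1);

// Vulnerable pattern, for contrast: the raw ID is reflected into the page,
// so ?ID=<script>alert(document.cookie)</script> runs in the visitor's browser.
function viewFormVulnerable(array $get): string
{
    $id = $get['ID'] ?? '';
    return "<h1>Form {$id}</h1>";
}

// Hardened version: whitelist the routing parameters and coerce ID to an int.
const ALLOWED_MODULES = ['forms'];
const ALLOWED_ACTIONS = ['view', 'list'];

function parseRequest(array $get): ?array
{
    $module = $get['module'] ?? '';
    $action = $get['action'] ?? '';
    if (!in_array($module, ALLOWED_MODULES, true)
        || !in_array($action, ALLOWED_ACTIONS, true)) {
        return null;
    }
    // FILTER_VALIDATE_INT rejects "", "12abc", "<script>..." and, with
    // min_range, zero and negative values; it returns false on failure.
    $id = filter_var($get['ID'] ?? null, FILTER_VALIDATE_INT,
                     ['options' => ['min_range' => 1]]);
    if ($id === false) {
        return null;
    }
    return ['module' => $module, 'action' => $action, 'id' => $id];
}

function viewFormHardened(array $get, PDO $pdo): string
{
    $req = parseRequest($get);
    if ($req === null) {
        http_response_code(400);
        return '<p>Bad request.</p>';   // do not echo the offending input back
    }
    // Parameterised query: the value is bound, never spliced into the SQL text.
    $stmt = $pdo->prepare('SELECT title FROM forms WHERE id = :id');
    $stmt->execute([':id' => $req['id']]);
    $title = $stmt->fetchColumn();
    if ($title === false) {
        http_response_code(404);
        return '<p>No such form.</p>';
    }
    // Escape on output. This covers data that came from the database as
    // well as anything that originated in the URL.
    return '<h1>' . htmlspecialchars((string) $title,
                                     ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8') . '</h1>';
}

// Constructed sample data so the example can be run without a real database.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE forms (id INTEGER PRIMARY KEY, title TEXT)');
$pdo->exec("INSERT INTO forms VALUES (1, 'Contact <us>')");

// The payload shape from the report, as a constructed $_GET array.
$attack = [
    'module' => 'forms',
    'action' => 'view',
    'ID'     => '<script>alert(document.cookie);</script>',
];
echo viewFormVulnerable($attack), "\n";
echo viewFormHardened($attack, $pdo), "\n";
echo viewFormHardened(['module' => 'forms', 'action' => 'view', 'ID' => '1'], $pdo), "\n";
```

The first echo shows the script tag coming back verbatim; the second is rejected before any database or HTML work happens; the third shows that even a legitimate record's title is escaped on the way out, so the same code path is safe whether the dangerous characters arrive in the URL or are already stored.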