Re: PHP_SELF XSS
List posts in the topic
Re: PHP_SELF XSS
msg# 1.1
hmmm.
It's difficult.
There is a vulnerablity of "PHP_SELF XSS" in all versions of XOOPS.
Protector stop it because it found illegal character (=') in PHP_SELF.
I think the way of xoopsodp is not good.
PATH_INFO must be like a PATH.
/modules/xoopsodp/index.php/Arts/Literature/Children\'s/Authors/N/Numeroff,_Laura/
If you can, rename Children's to Childrens or etc.
Votes:2
Average:0.00
Posts tree