PEAK XOOPS - Re: PHP_SELF XSS 
Re: PHP_SELF XSS
Re: PHP_SELF XSS
msg# 1.1
- depth:
- 1
Previous post
-
Next post
|
Parent
-
No child
|
Posted on 2005/9/1 12:49
GIJOE
Posts: 4110
Posts: 4110
hmmm.
It's difficult.
There is a vulnerablity of "PHP_SELF XSS" in all versions of XOOPS.
Protector stop it because it found illegal character (=') in PHP_SELF.
I think the way of xoopsodp is not good.
PATH_INFO must be like a PATH.
/modules/xoopsodp/index.php/Arts/Literature/Children\'s/Authors/N/Numeroff,_Laura/
If you can, rename Children's to Childrens or etc.
It's difficult.
There is a vulnerablity of "PHP_SELF XSS" in all versions of XOOPS.
Protector stop it because it found illegal character (=') in PHP_SELF.
I think the way of xoopsodp is not good.
PATH_INFO must be like a PATH.
/modules/xoopsodp/index.php/Arts/Literature/Children\'s/Authors/N/Numeroff,_Laura/
If you can, rename Children's to Childrens or etc.
Votes:2
Average:0.00
Posts tree
-
PHP_SELF XSS
(jseymour, 2005/8/30 10:35)
-
Re: PHP_SELF XSS
(GIJOE, 2005/9/1 12:49)
-
Login