PEAK XOOPS - PHP_SELF XSS

PHP_SELF XSS


question PHP_SELF XSS

msg# 1
Posted on 2005/8/30 10:35
jseymour  From: Gainesville Florida, USA  Posts: 40
I seem to be getting a lot of this with search engine bots and the xoopsodp module. Is there any reason for this?

I am using protector 2.52 and have had this with both msnbot and googlebot in the protector logs on my site. Sometimes upwards of 60 entries for the same IP and the same ODP page. Using XOOPS 2.0.13.1.

Here is an example log entry:

Quote:
2005/8/29 15:51:36 Guests 207.46.98.34
msnbot/1.0msnbot/1.0 (+http://search.msn.com/msnbot.htm) PHP_SELF XSS Invalid PHP_SELF '/modules/xoopsodp/index.php/Arts/Literature/Children\'s/Authors/N/Numeroff,_Laura/' found.i

question Re: PHP_SELF XSS

msg# 1.1
Posted on 2005/9/1 12:49
GIJOE  Posts: 4110
hmmm.
It's difficult.

There is a vulnerability of "PHP_SELF XSS" in all versions of XOOPS.

Protector stops it because it found an illegal character (=') in PHP_SELF.

I think the way of xoopsodp is not good.
PATH_INFO must be like a PATH.

/modules/xoopsodp/index.php/Arts/Literature/Children\'s/Authors/N/Numeroff,_Laura/

If you can, rename Children's to Childrens, etc.
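An added illustration (not part of the thread, and not Protector's or XOOPS's own code) of the kind of PHP_SELF check described in the reply above, and of why renaming the category makes the log entries stop. The rejected character set, the function names and the sample `$_SERVER` values are assumptions; the thread only confirms that `'` is rejected.

```php
<?php
// Assumed set of characters that can break out of an HTML attribute.
// The thread confirms only the single quote; the rest is an assumption.
const ILLEGAL_IN_PHP_SELF = '/[<>\'"]/';

/** True when PHP_SELF carries a character that is unsafe to echo into HTML. */
function php_self_is_suspicious(string $phpSelf): bool
{
    return preg_match(ILLEGAL_IN_PHP_SELF, $phpSelf) === 1;
}

/**
 * Value that is safe to place in a form action: SCRIPT_NAME never contains
 * the client-supplied PATH_INFO that PHP_SELF appends, and it is HTML-escaped.
 */
function safe_form_action(array $server): string
{
    return htmlspecialchars($server['SCRIPT_NAME'] ?? '', ENT_QUOTES, 'UTF-8');
}

/**
 * Build a PATH_INFO segment from a category name. The quote is dropped rather
 * than percent-encoded, because the web server decodes %27 back to ' before
 * PHP_SELF is populated, so encoding alone would still trip the check.
 */
function category_to_segment(string $name): string
{
    return rawurlencode(str_replace("'", '', $name));
}

// Constructed sample requests, based on the path in the log entry above.
$base = '/modules/xoopsodp/index.php';
$samples = [
    "$base/Arts/Literature/Children's/Authors/N/Numeroff,_Laura/",
    "$base/Arts/Literature/" . category_to_segment("Children's") . '/Authors/N/',
];

foreach ($samples as $phpSelf) {
    $verdict = php_self_is_suspicious($phpSelf) ? 'BLOCK' : 'ok';
    printf("%-5s %s\n", $verdict, $phpSelf);
}

// Templates should emit the script path, not raw PHP_SELF.
$server = ['PHP_SELF' => $samples[0], 'SCRIPT_NAME' => $base];
echo '<form action="', safe_form_action($server), '" method="post">', "\n";
```

The first sample is flagged purely because of the apostrophe in the category name, which is why a crawler following ordinary links produces the log entries; the second passes because the link itself no longer contains a quote.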
