Home page logo
/

basics logo Security Basics mailing list archives

About malicious java sciprt running...
From: <s970501 () ku edu np>
Date: Tue, 9 Dec 2003 09:36:41 -0500 (EST)

Hi,

I have a question about javascript exploits.
suppose... somebody can put javascript and can run it,
what can he do?

i have a website running apache/php.
some of pages are workin' like this...

test.php?a=333
...
<?php
  ...
  echo "$a";
  ...
?>
...

i found anybody can run javascript from this source...
like test.php?a=<script>alert("hey")</script> or something else.

but what can he do with this hole...?
is there anything he can do in server side?
is there any javascript can make file or see files in server?

i think... this is very~~~ common hole in many sites.

thanks...




---------------------------------------------------------------------------
----------------------------------------------------------------------------


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
AlienVault