Home page logo
/

basics logo Security Basics mailing list archives

Re: About malicious java sciprt running...
From: Hugo Teso Torío <HugoT () mkzingenieria com>
Date: Wed, 10 Dec 2003 11:07:31 +0100

Take a look at http://sandsprite.com/Sleuth/papers/RealWorld_XSS_1.html I
hope It could answer your questions.

Best regards


----- Original Message -----
From: <s970501 () ku edu np>
To: <security-basics () securityfocus com>
Sent: Tuesday, December 09, 2003 3:36 PM
Subject: About malicious java sciprt running...


Hi,

I have a question about javascript exploits.
suppose... somebody can put javascript and can run it,
what can he do?

i have a website running apache/php.
some of pages are workin' like this...

test.php?a=333
...
<?php
  ...
  echo "$a";
  ...
?>
...

i found anybody can run javascript from this source...
like test.php?a=<script>alert("hey")</script> or something else.

but what can he do with this hole...?
is there anything he can do in server side?
is there any javascript can make file or see files in server?

i think... this is very~~~ common hole in many sites.

thanks...




--------------------------------------------------------------------------
-
--------------------------------------------------------------------------
--




---------------------------------------------------------------------------
----------------------------------------------------------------------------


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]