[nycphp-talk] PHP Penetration Discussion
Jose Villegas
jv_nyphp at duikerbok.com
Sat May 28 11:21:10 EDT 2005
The site in question wasn't escaping characters submitted by a user, so
a person could submit HTML code which manipulated the markup of the
response page.

One question: Rasmus mentions that he can trick people into sending
their user names and passwords. I'm assuming he meant he could do this
with the hack he demonstrated. But if he goes to a website and does
this, how does he have access to another person's user names and
passwords? Isn't he only manipulating the response page which only he
is seeing?

I'm guessing if he submits his "name" which contains HTML code, and the
name is stored in a database and retrieved by an administrator,
JavaScript could be inserted which could grab cookie values (for
example) from the administrator. Something similar could be done if the
name is posted to a bulletin board or a similar web application.

Would there be any other vulnerabilities?

jose

On May 28, 2005, at 1:25 AM, Hans Zaunere wrote:
> For those not on the PHP-General list, a good thread has recently been
> developing where Rasmus showed some interesting examples and
> discussion of cross-site scripting vulnerabilities.
>
> Follow the thread
> http://marc.theaimsgroup.com/?t=111721168800001&r=1&w=2
>
> And Rasmus' first post:
> http://marc.theaimsgroup.com/?l=php-general&m=111722197717368&w=2
> ...
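
The problem described in this message, a stored "name" echoed into a page without escaping, is fixed by escaping at output time. The following is an added PHP example, not code from the thread or from the site it discusses; the sample names and the function names are constructed for illustration:

```php
<?php
declare(strict_types=1);

// Constructed sample data standing in for "name" values a form stored in a database.
$storedNames = [
    'Jose',
    '<b>bold</b>',
    '"><script>/* attacker-controlled */</script>',
];

// Escape for HTML text and quoted-attribute context (hypothetical helper name).
// ENT_QUOTES encodes both quote styles; ENT_SUBSTITUTE keeps invalid UTF-8
// from turning the whole string into ''.
function h(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Before: the stored value is concatenated into the admin page as-is.
function renderRowUnescaped(string $name): string
{
    return '<li><input type="text" value="' . $name . '"> ' . $name . '</li>';
}

// After: same template, but every dynamic value is escaped at output time.
function renderRowEscaped(string $name): string
{
    return '<li><input type="text" value="' . h($name) . '"> ' . h($name) . '</li>';
}

// The template itself writes exactly three '<' and four '"'. Any other count
// means the stored value changed the page's markup.
function markupIntact(string $row): bool
{
    return substr_count($row, '<') === 3 && substr_count($row, '"') === 4;
}

foreach ($storedNames as $name) {
    printf(
        "%-46s unescaped intact: %-3s escaped intact: %s\n",
        $name,
        markupIntact(renderRowUnescaped($name)) ? 'yes' : 'NO',
        markupIntact(renderRowEscaped($name)) ? 'yes' : 'NO'
    );
}
```

Run from the command line, only the plain name leaves the unescaped template intact, while every escaped row does. Setting `session.cookie_httponly` additionally keeps page script from reading the session cookie mentioned above.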