[nycphp-talk] wonderful presentation on Tuesday
Susan Shemin
susan_shemin at yahoo.com
Thu Apr 26 17:19:17 EDT 2007
That makes sense with database data, but how about "hijacking" the submit button by putting their script on the button/image that sends the login info to a different domain site?
I'm not really looking for a specific how it's done (of course), but more for how ever is it possible if the webpage code is in a secure place?
----- Original Message ----
From: Rob Marscher <rmarscher at beaffinitive.com>
To: NYPHP Talk <talk at lists.nyphp.org>
Sent: Thursday, April 26, 2007 4:43:48 PM
Subject: Re: [nycphp-talk] wonderful presentation on Tuesday
How ever can someone inject their code/script onto my webpage? The code is on my server so they don't have access to it. Am I missing something here?
If you allow the user to submit anything that is then displayed on your site, they can inject JavaScript code unless you do a very good job "sanitizing" the user input.
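An added example, not part of the original thread: a PHP sketch of the defence discussed above. It escapes user-submitted text at output time so it displays as text rather than markup, and sends a Content-Security-Policy header whose `form-action` directive restricts where forms on the page may submit. The helper name `e()`, the sample comment and the `/login.php` path are assumptions made for illustration.

```php
<?php
declare(strict_types=1);

// Added example: helper name, sample data and paths are constructed for illustration.

// Allow scripts and form submissions only to this site's own origin.
// form-action does not inherit from default-src, so it is set explicitly.
if (!headers_sent()) {
    header("Content-Security-Policy: default-src 'self'; script-src 'self'; form-action 'self'");
}

/**
 * Escape user-supplied text for an HTML body or a quoted attribute value.
 * ENT_QUOTES covers both quote styles; ENT_SUBSTITUTE replaces invalid
 * UTF-8 sequences instead of returning an empty string.
 */
function e(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Constructed sample: a submitted "comment" that contains markup, not just text.
$comment = 'Nice talk! <script>/* injected */</script>';

// Unsafe: the submitted markup would become part of the page and could
// change what the login form below does when another visitor loads it.
$unsafe = '<p>' . $comment . '</p>';

// Safe: markup characters are turned into entities and shown as literal text.
$safe = '<p>' . e($comment) . '</p>';

echo $safe, PHP_EOL;

// The login form keeps a fixed, same-origin action. With the header above,
// a browser that enforces CSP refuses to submit it to any other origin.
echo '<form method="post" action="/login.php">', PHP_EOL;
echo '  <input type="text" name="user">', PHP_EOL;
echo '  <input type="password" name="pass">', PHP_EOL;
echo '  <input type="submit" value="Log in">', PHP_EOL;
echo '</form>', PHP_EOL;
```

`htmlspecialchars()` is correct for HTML body text and quoted attribute values only; user data placed inside a `<script>` block, a URL or a CSS value needs the encoding for that context.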