Security Basics mailing list archives

Re: About malicious java script running...


From: Hugo Teso Torío <HugoT () mkzingenieria com>
Date: Wed, 10 Dec 2003 11:07:31 +0100

Take a look at http://sandsprite.com/Sleuth/papers/RealWorld_XSS_1.html
I hope it answers your questions.

Best regards


----- Original Message -----
From: <s970501 () ku edu np>
To: <security-basics () securityfocus com>
Sent: Tuesday, December 09, 2003 3:36 PM
Subject: About malicious java script running...


Hi,

I have a question about JavaScript exploits.
Suppose somebody can put in JavaScript and run it.
What can he do?

I have a website running Apache/PHP.
Some of the pages work like this...

test.php?a=333
...
<?php
  ...
  echo "$a";
  ...
?>
...

I found that anybody can run JavaScript from this source,
like test.php?a=<script>alert("hey")</script> or something else.

But what can he do with this hole?
Is there anything he can do on the server side?
Is there any JavaScript that can make files or see files on the server?

I think this is a very common hole in many sites.

thanks...
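
The echo in the quoted test.php writes the query-string value into the page unencoded. As an added example (not part of the original post or the linked paper), here is the same output path with HTML encoding applied. The helper names h() and render(), the constructed sample inputs and the Content-Security-Policy header are assumptions.

```php
<?php
declare(strict_types=1);

// Added example, not the poster's code: a hypothetical replacement for test.php.

/** Encode untrusted text for an HTML body or quoted-attribute context. */
function h(string $s): string
{
    // ENT_QUOTES encodes both ' and "; ENT_SUBSTITUTE replaces invalid UTF-8
    // sequences instead of returning an empty string.
    return htmlspecialchars($s, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

/** Build the fragment that test.php prints for parameter "a". */
function render(array $query): string
{
    $a = $query['a'] ?? '';
    if (!is_string($a)) {
        // test.php?a[]=x arrives as an array; treat it as empty input.
        $a = '';
    }
    // Vulnerable form from the post:  echo "$a";
    // Hardened form: encode at the point of output.
    return '<p>a = ' . h($a) . '</p>';
}

// Constructed sample inputs: the benign value and the probe quoted in the post.
$samples = [
    ['a' => '333'],
    ['a' => '<script>alert("hey")</script>'],
    ['a' => ['unexpected', 'array']],
];

if (PHP_SAPI === 'cli') {
    // Run from the command line to see the encoded output for each sample.
    foreach ($samples as $q) {
        echo render($q), PHP_EOL;
    }
} else {
    // Declare the charset so the browser decodes the page as it was encoded.
    header('Content-Type: text/html; charset=UTF-8');
    // Defense in depth: this policy makes the browser refuse inline scripts.
    header("Content-Security-Policy: default-src 'self'");
    echo render($_GET);
}
```

The post's bare `$a` is filled from the query string only when PHP's register_globals setting is on; this example reads the parameter from `$_GET` explicitly.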