WebApp Sec mailing list archives

Re: XSS help


From: Dan Daggett <ddaggett () gmail com>
Date: Mon, 9 Aug 2004 08:57:04 -0600

On Mon, 09 Aug 2004 23:12:34 +1000, Serg B. <serg () dodo com au> wrote:
> So the question is how I could run PHP (not JavaScript, since that was
> covered in numerous papers and presentations...) from what I found.

Well, unless the contents of the var variable are being saved to a file
and then included into the PHP script I don't see how you can.

$handle = fopen("/path/to/include/file","w");
fputs($handle,$_GET['var']);
fclose($handle);
include("/path/to/include/file");

The problem is that it is being read in via a variable in PHP so
everything within that variable is just printed as is.

i.e.:  echo $_GET['var'];

So basically whatever you pass through the URL is being quoted and
placed in a string variable.

Dan Daggett
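
The distinction drawn in the message above, as an added example that is not part of the original post: a request value that is echoed, or stored and read back as data, is never handed to the PHP parser, and output encoding keeps the browser from treating it as markup either. The function names and the sample value are assumptions made for illustration.

```php
<?php
// Added example, not code from the thread. $input stands in for $_GET['var'];
// the value is constructed for illustration.
$input = '<?php echo 6 * 7; ?><b>hi</b>';

// 1. Reflected as in the post (echo $_GET['var']): the bytes are copied to the
//    response unchanged. PHP does not parse the contents of a string as code,
//    so nothing runs server-side, but the HTML reaches the browser as markup.
function reflect_raw(string $v): string
{
    return $v;
}

// 2. Output-encoded: the same bytes are shown as literal text by the browser.
function reflect_encoded(string $v): string
{
    return htmlspecialchars($v, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// 3. If the value must be kept in a file, read it back as data.
//    file_get_contents() returns the stored bytes; only include/require
//    would pass the file to the PHP parser.
function store_and_read(string $v): string
{
    $path = tempnam(sys_get_temp_dir(), 'var');
    if ($path === false) {
        throw new RuntimeException('could not create temporary file');
    }
    try {
        file_put_contents($path, $v);
        $data = file_get_contents($path);
    } finally {
        unlink($path);
    }
    if ($data === false) {
        throw new RuntimeException('could not read temporary file');
    }
    return $data;
}

echo "raw:     ", reflect_raw($input), PHP_EOL;
echo "encoded: ", reflect_encoded($input), PHP_EOL;
echo "stored:  ", store_and_read($input), PHP_EOL;
```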

