Mailinglist Archive: opensuse (3566 mails)
Re: [opensuse] PHP Question
- From: Randall R Schulz <rschulz@xxxxxxxxx>
- Date: Fri, 27 Apr 2007 14:37:21 -0700
- Message-id: <200704271437.21799.rschulz@xxxxxxxxx>
On Friday 27 April 2007 14:26, Cristian Rodriguez R. wrote:
> John D Lamb escribió:
> > <form method="post" action="<?php echo $SEVER['PHP_SELF']; ?>">
>
> Sure, and then you get a free security hole.
>
> It should say:
>
> <form method="post" action="<?php echo $_SERVER['SCRIPT_NAME']; ?>">
>
> or in case you **really** want to use PHP_SELF
>
> <form method="post" action="<?php echo
> htmlspecialchars($_SERVER['PHP_SELF']); ?>">
If that's true, then anyone could just grab the HTML, change the
SCRIPT_NAME back to PHP_SELF, edit or add an action= attribute so the
original server's URL is targeted and that server is rendered
vulnerable again.
So again I ask, is PHP really this insecure? Are all the phpBB sites,
all the MediaWikis (including WikiPedia) vulnerable to such a trivial
exploit?
I hope not...
Randall Schulz
--
To unsubscribe, e-mail: opensuse+unsubscribe@xxxxxxxxxxxx
For additional commands, e-mail: opensuse+help@xxxxxxxxxxxx
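An added example, not from anyone in this thread, that shows what the quoted advice is protecting against: PHP_SELF includes any trailing path the client appended to the request URL, so it is the server itself that echoes client-controlled text into its own form markup, while SCRIPT_NAME carries only the script's path. The $_SERVER values below are constructed stand-ins for what the web server would populate for a request like /form.php/extra-path.

```php
<?php
// Added example (not from the thread). Simulates the server-side view of a
// request whose URL has extra path segments appended after form.php.
declare(strict_types=1);

// Constructed values standing in for what the SAPI would set on a real request.
$_SERVER['SCRIPT_NAME'] = '/form.php';
$_SERVER['PATH_INFO']   = '/"><b>injected</b>';
$_SERVER['PHP_SELF']    = $_SERVER['SCRIPT_NAME'] . $_SERVER['PATH_INFO'];

function vulnerableAction(): string
{
    // Unescaped PHP_SELF: the client-supplied path closes the attribute early
    // and the rest of it is emitted as live HTML.
    return '<form method="post" action="' . $_SERVER['PHP_SELF'] . '">';
}

function hardenedAction(): string
{
    // ENT_QUOTES escapes both " and ', so the attribute value cannot be closed
    // early no matter what the path contains.
    $safe = htmlspecialchars($_SERVER['PHP_SELF'], ENT_QUOTES, 'UTF-8');
    return '<form method="post" action="' . $safe . '">';
}

function scriptNameAction(): string
{
    // SCRIPT_NAME never carries the trailing PATH_INFO; still escape it, since
    // every value written into HTML should be encoded for its context.
    $safe = htmlspecialchars($_SERVER['SCRIPT_NAME'], ENT_QUOTES, 'UTF-8');
    return '<form method="post" action="' . $safe . '">';
}

echo vulnerableAction(), "\n";  // attribute ends at the injected quote
echo hardenedAction(), "\n";    // quote and angle brackets become entities
echo scriptNameAction(), "\n";  // action="/form.php"
```

Run with `php form-self.php`; the first line of output shows the attribute broken open, the second shows the same path rendered inert as `&quot;&gt;&lt;b&gt;...`.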