Mailinglist Archive: opensuse (3566 mails)
Re: [opensuse] PHP Question
- From: Randall R Schulz <rschulz@xxxxxxxxx>
- Date: Fri, 27 Apr 2007 22:13:52 -0700
- Message-id: <200704272213.52463.rschulz@xxxxxxxxx>
On Friday 27 April 2007 20:37, Cristian Rodriguez R. wrote:
> Randall R Schulz wrote:
> > You've got to clarify this. I see an HTML form that submits PHP
> > code.
>
> no, the html form does not submit PHP code, what you are seeing
> **is** PHP code mixed with html, that is interpreted on the server.
>
> <form method="post" action="<?php echo $_SERVER['PHP_SELF']; ?>">
>
> will be displayed to the user's browser as:
>
> <form method="post" action="myscript.php">
>
> where myscript.php is the name of the current script in execution.
>
> in this case, the programmer's laziness permits an XSS attack.
I see.
> ...
>
> > How is that not an avenue for an injection exploit?
>
> it is, but for XSS.
>
> > What is XSS?
>
> XSS == Cross Site Scripting
>
> http://en.wikipedia.org/wiki/Cross_site_scripting
I'm aware of the issue, just not the acronym.
RRS
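
Why echoing PHP_SELF into the form action is an XSS avenue, as an added example that is not part of the original message: PHP_SELF includes any path text the client appends after the script name, so it must be HTML-escaped before it is written into the attribute. The function names and the sample request paths are constructed for illustration.

```php
<?php
// Added example. Function names and sample values are constructed.

// Pattern from the thread: PHP_SELF is written into the attribute as-is.
function form_tag_unescaped(string $phpSelf): string
{
    return '<form method="post" action="' . $phpSelf . '">';
}

// Hardened form: escape for an HTML attribute context at output time.
// ENT_QUOTES covers both quote styles; ENT_SUBSTITUTE replaces invalid
// UTF-8 instead of returning an empty string.
function form_tag_escaped(string $phpSelf): string
{
    $safe = htmlspecialchars($phpSelf, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    return '<form method="post" action="' . $safe . '">';
}

// Rough check: how many opening tags does the rendered fragment contain?
// A correctly built form line should contain exactly one.
function count_open_tags(string $html): int
{
    return (int) preg_match_all('/<[a-zA-Z][^>]*>/', $html);
}

// Constructed PHP_SELF values: a plain request, and a request with extra
// path text after the script name that closes the attribute and adds a
// harmless <b> element as a visible marker.
$samples = [
    'plain request'       => '/myscript.php',
    'trailing path text'  => '/myscript.php/"><b>marker</b>',
];

foreach ($samples as $label => $phpSelf) {
    $raw  = form_tag_unescaped($phpSelf);
    $safe = form_tag_escaped($phpSelf);
    printf("%s\n", $label);
    printf("  unescaped: %s  (opening tags: %d)\n", $raw, count_open_tags($raw));
    printf("  escaped:   %s  (opening tags: %d)\n", $safe, count_open_tags($safe));
}

// $_SERVER['SCRIPT_NAME'] omits the trailing path text, but any value
// written into HTML should still go through htmlspecialchars().
```

Run it with `php` on the command line; the unescaped variant shows the extra element breaking out of the `action` attribute, while the escaped variant keeps the whole value inside it.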