Security Basics mailing list archives

About malicious java script running...


From: <s970501 () ku edu np>
Date: Tue, 9 Dec 2003 09:36:41 -0500 (EST)

Hi,

I have a question about javascript exploits.
Suppose... somebody can put javascript and can run it,
what can he do?

I have a website running apache/php.
Some of the pages are workin' like this...

test.php?a=333
...
<?php
  ...
  echo "$a";
  ...
?>
...

I found anybody can run javascript from this source...
like test.php?a=<script>alert("hey")</script> or something else.

But what can he do with this hole...?
Is there anything he can do on the server side?
Is there any javascript that can make a file or see files on the server?

I think... this is a very~~~ common hole in many sites.

thanks...
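
An added example, not part of the original post: a hardened form of the test.php pattern quoted above, which validates the parameter and HTML-encodes everything it reflects. It assumes `a` is meant to be a non-negative integer, as in `test.php?a=333`; the helper names `html_escape` and `read_a` are hypothetical.

```php
<?php
declare(strict_types=1);

// Added example: hardened version of the test.php?a=333 pattern.
// Assumption: "a" is a non-negative integer, as in the post's sample URL.

/** Encode a value for an HTML text or quoted-attribute context. */
function html_escape(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

/** Return "a" as an int if it is 1 to 9 digits, otherwise null. */
function read_a(array $query): ?int
{
    $raw = $query['a'] ?? null;
    // Arrays (?a[]=x), markup and empty values are all rejected here.
    if (!is_string($raw) || preg_match('/\A[0-9]{1,9}\z/', $raw) !== 1) {
        return null;
    }
    return (int) $raw;
}

// Read from $_GET explicitly instead of relying on register_globals
// to create $a from the query string.
$a = read_a($_GET);

header('Content-Type: text/html; charset=UTF-8');
header('X-Content-Type-Options: nosniff');

if ($a === null) {
    http_response_code(400);
    // Even the error path encodes what it reflects back to the browser.
    $shown = is_string($_GET['a'] ?? null) ? $_GET['a'] : '';
    echo '<p>Invalid value for a: ' . html_escape($shown) . '</p>';
    exit;
}

echo '<p>a = ' . html_escape((string) $a) . '</p>';
```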



