473,320 Members | 1,948 Online
Bytes | Software Development & Data Engineering Community
Post Job

Home Posts Topics Members FAQ

Join Bytes to post your question to a community of 473,320 software developers and data experts.

Re: Form Reload with Tainted Values

Joost Diepenmaat:
*If* that's true, then the input can be used as an XSS attack -
they'll just have to lure some unsuspecting victim to the
error/feedback page you created.
None of the returned values will ever be stored in a session (or make it
into the database), so I assume that hijacking and/or redirection will not
be an issue. Put another way around, if the attacker's browser will be the
only client to display rouge input, what's the harm to the rest of us?

Mike
Jun 27 '08 #1
2 1740
Michael Ruebner <nj**@lunchinglads.netwrites:
Joost Diepenmaat:
*If* that's true, then the input can be used as an XSS attack -
they'll just have to lure some unsuspecting victim to the
error/feedback page you created.

None of the returned values will ever be stored in a session (or make it
into the database), so I assume that hijacking and/or redirection will not
be an issue. Put another way around, if the attacker's browser will be the
only client to display rouge input, what's the harm to the rest of us?
vulnerable.php =<?php print ($_GET['print']); ?>

<a href="vulnerable.php?print=<script>alert(document. cookie)</script>">
Please follow this link</a>

The attacker is the person who creates the link (or form, if it's a
POST-based attack instead).
The victim is the person who gets tricked into clicking on it.
They don't need to be the same person.

Persistent XSS, where the value gets stored in the database and then
redisplayed, is *worse* than this because the victims just have to
look at the legitimate site, and the more that look, the worse it
gets. However, tricking someone into clicking on a link on a
relatively unrelated web page is not exactly difficult.

With most common web programming languages making it incredibly
difficult to avoid filling code with XSS bugs, it's not an easy thing
to ensure doesn't happen, but it's absolutely necessary.

http://www.cgisecurity.com/articles/xss-faq.shtml has a few more examples.

--
Chris
Jun 27 '08 #2
Chris Morris:
The attacker is the person who creates the link (or form, if it's a
POST-based attack instead).
The victim is the person who gets tricked into clicking on it.
They don't need to be the same person.
OK. Got it. I was stuck on persistent XSS and lost sight of the simpler
things in life ;-)

Thanks for your, and Joost's, input.

Mike
Jun 27 '08 #3

This thread has been closed and replies have been disabled. Please start a new discussion.

Similar topics

66
by: Ellinghaus, Lance | last post by:
> > Other surprises: Deprecating reload() >Reload doesn't work the way most people think >it does: if you've got any references to the old module, >they stay around. They aren't replaced. ...
1
by: Emmanuel | last post by:
Hi, I use a 'reload all' feature in my app, that allow to reload every module. I first try this version : import sys def Reload():
2
by: kelvin | last post by:
Hi, I'm having this problem and I can't seem to solve it. I've created a confirmation page. The page displays the form field data and has 2 links - OK (to continue) and Cancel (go back to...
19
by: Darren | last post by:
I have a page that opens a popup window and within the window, some databse info is submitted and the window closes. It then refreshes the original window using window.opener.location.reload(). ...
1
by: jeffrobbins | last post by:
Hello, I am having an issue that I haven't been able to find an answer for. Any help or pointers to information would be appreciated. I have a form, lets call it mainForm, that contains a...
1
by: Amir Steta | last post by:
i am using one aspx.net form to enter data. it is opened as a popup window (lets call it dataentry.aspx) on w=760 and h=400. from this page i allow opening new aspx.net form (searchdata.aspx) to...
2
by: sujith.bolar | last post by:
Hello I am using a <form method="post"to submit values to the processing agent. If the processing agent returns an error, I call the history.go(-1) or history.back() function to reload the page....
16
by: sreemati | last post by:
Hi everyone, This is the scenario: I have two button - Submit and Reset Submit is used for validation and after validation is passed it passes it to another form to enter into database. ...
3
Ajm113
by: Ajm113 | last post by:
Ok for some reason after the update of Firefox it seems that my form keeps getting submitted when the user made a error on the form. I just want the page to reload so the user may try again. Because...
0
by: DolphinDB | last post by:
The formulas of 101 quantitative trading alphas used by WorldQuant were presented in the paper 101 Formulaic Alphas. However, some formulas are complex, leading to challenges in calculation. Take...
0
by: ryjfgjl | last post by:
ExcelToDatabase: batch import excel into database automatically...
0
isladogs
by: isladogs | last post by:
The next Access Europe meeting will be on Wednesday 6 Mar 2024 starting at 18:00 UK time (6PM UTC) and finishing at about 19:15 (7.15PM). In this month's session, we are pleased to welcome back...
1
isladogs
by: isladogs | last post by:
The next Access Europe meeting will be on Wednesday 6 Mar 2024 starting at 18:00 UK time (6PM UTC) and finishing at about 19:15 (7.15PM). In this month's session, we are pleased to welcome back...
0
by: Vimpel783 | last post by:
Hello! Guys, I found this code on the Internet, but I need to modify it a little. It works well, the problem is this: Data is sent from only one cell, in this case B5, but it is necessary that data...
1
by: PapaRatzi | last post by:
Hello, I am teaching myself MS Access forms design and Visual Basic. I've created a table to capture a list of Top 30 singles and forms to capture new entries. The final step is a form (unbound)...
0
by: CloudSolutions | last post by:
Introduction: For many beginners and individual users, requiring a credit card and email registration may pose a barrier when starting to use cloud servers. However, some cloud server providers now...
0
by: Defcon1945 | last post by:
I'm trying to learn Python using Pycharm but import shutil doesn't work
0
by: Shællîpôpï 09 | last post by:
If u are using a keypad phone, how do u turn on JavaScript, to access features like WhatsApp, Facebook, Instagram....

By using Bytes.com and it's services, you agree to our Privacy Policy and Terms of Use.

To disable or enable advertisements and analytics tracking please visit the manage ads & tracking page.