[thelist] [tip] Macromedia even forgets (encoding user input)

AxssDnied axssdnied at borg.darktech.org
Wed Jun 25 14:49:02 CDT 2003


The risks are two-fold... for your server, and for anybody else on the
internet.

It's rather a really big problem... what if instead of a meta tag it was a
JavaScript that sent off your cookies for that site to an anonymous inbox
at Hotmail or some other site... I have read that in some distant past,
Hotmail accounts were being hacked through such a vulnerability.
If it's data passed on the query line it gets even worse, as a hacker can
make a simple link that points to your site to exploit this kind of
vulnerability. So, your site could be forced to hack a client's computer
through his browser... (look for vulnerabilities in browsers that state
words like "malicious" and "site" in the same paragraph)

Also there's always the possibility of unhandled user input breaking
your database apart... a simple one is to consider PHP with no data
filtration...
$sqlquery = "select * from aTableName where aVariable = '{$_GET['avar']}'";
A hacker could simply pass something like ?avar=' or '1' = '1   and that
would make all lines true...

These are only rough examples I can immediately think of... but a lot can
happen in a similar way... it all depends on where it is that the input is
being used and to what level it is being filtered/unfiltered.

Hope this helps,
Andrew


ps: I do input validation on absolutely everything (post, get, cookies,
db, session) and when in doubt... die();
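Worked demonstration of the query problem described in the post above, added here and not part of Andrew's message: Python with an in-memory SQLite table stands in for PHP/MySQL, the table name and rows are constructed, and the parameterized version shows why binding the value instead of pasting it into the SQL text removes the problem.

```python
import sqlite3

# Constructed sample rows standing in for the post's "aTableName"; not from the original.
ROWS = [("alice", "admin"), ("bob", "user"), ("carol", "user")]


def make_db() -> sqlite3.Connection:
    """In-memory SQLite database holding the constructed rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute("create table aTableName (aVariable text, role text)")
    conn.executemany("insert into aTableName values (?, ?)", ROWS)
    return conn


def unfiltered_query(conn: sqlite3.Connection, avar: str) -> list:
    """Mirrors the post's PHP line: the GET value is pasted straight into the SQL text,
    so a quote in the input rewrites the WHERE clause instead of being compared."""
    sql = f"select * from aTableName where aVariable = '{avar}'"
    return conn.execute(sql).fetchall()


def parameterized_query(conn: sqlite3.Connection, avar: str) -> list:
    """Hardened form: the value is sent as a bound parameter, never as SQL text,
    so quotes inside it are just characters to match against."""
    return conn.execute(
        "select * from aTableName where aVariable = ?", (avar,)
    ).fetchall()


def compare(avar: str) -> tuple:
    """Row counts returned by the unfiltered and the parameterized query for one input."""
    conn = make_db()
    try:
        return len(unfiltered_query(conn, avar)), len(parameterized_query(conn, avar))
    finally:
        conn.close()


if __name__ == "__main__":
    print(compare("alice"))          # (1, 1): an ordinary lookup behaves the same either way
    print(compare("' or '1' = '1"))  # (3, 0): the post's input returns every row unfiltered
```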

