Security issue - Cross Site scripting?
#1

huzzi
Hi Guys!

I'm running a website on CI 1.7.2. I've been told by a security expert that my site is vulnerable to cross site scripting, as explained below.


Quote: For the issue relating to More Comersus Cart, whether or not you are
running the program, the following page appears to be vulnerable to
Cross Site scripting....
https://www.domain.com/scripts/backoffic....asp?error=
You can verify this yourself by going to the following domain....
https://www.domain.com/scripts/backoffic...T>alert('XSS')</SCRIPT>
Now, if you look at the source code, you will see that the script has
made it into that source code and it is not properly sanitized.

This is what's added to the source code.

Code:
<link rel="canonical" href="http://www.domain.com/scripts/backofficeplus/comersus_backoffice_supportError.asp?error=[removed]alert('XSS')<.html" />

[REMOVED]=SCRIPT

My question is, is this something I should be concerned about? If so, what's the solution?

Many thanks in advance.

Huzzi
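
Added example (not part of the original post, and not CodeIgniter's own code): the canonical link quoted above still carries `'` and `<` after the script tag was replaced, because replacing tags is not the same as encoding a value for the HTML attribute it is written into. The sketch contrasts a hypothetical tag-replacing filter, `strip_script_tags()`, with attribute encoding through PHP's `htmlspecialchars()`; the host name, helper names and sample URIs are constructed for illustration.

```php
<?php
// Added example. strip_script_tags() is a hypothetical stand-in for a filter
// that swaps script tags for "[removed]", as in the output quoted in the post.
function strip_script_tags(string $value): string
{
    return preg_replace('#</?script[^>]*>#i', '[removed]', $value) ?? '';
}

// Encode a value for use inside a quoted HTML attribute:
// & < > " ' all become entities, so none of them can end the attribute.
function attr_encode(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Build the canonical tag from the site base and the request URI,
// passing the URL through whichever filter is being compared.
function canonical_tag(string $base, string $requestUri, callable $filter): string
{
    return '<link rel="canonical" href="' . $filter($base . $requestUri) . '" />';
}

// Constructed sample inputs (not taken from a real site).
$base = 'http://www.example.test';
$samples = [
    "/page.asp?error=<SCRIPT>alert('XSS')</SCRIPT>", // same shape as the reported URL
    '/page.asp?error=a"b<c',                         // a quote and a bracket, no tag at all
];

foreach ($samples as $uri) {
    echo "input:    $uri\n";
    // Tag replacement: the tags go, but ' " and < pass through untouched.
    echo "filtered: " . canonical_tag($base, $uri, 'strip_script_tags') . "\n";
    // Attribute encoding: every markup-significant character is neutralised.
    echo "encoded:  " . canonical_tag($base, $uri, 'attr_encode') . "\n\n";
}
```

In the second sample the filtered output contains a raw `"` inside `href="..."`, which ends the attribute early; the encoded output renders it as `&quot;` and the attribute stays intact.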

