Can a URI var ever be malicious?
#6

luismartin
In that case I'm not 100% sure.

Well, in case you (for some reason) urldecode some data from the URL which is URL-encoded (so that it passes the CI URI filter), you might get the malicious script as it is.

Example:
Code:
<scri*pt>alert('hello')</scri*pt>
to
Code:
#3cscript#3ealert(#27hello#27)#3c#2fscript#3e
(replacing # with % and removing the asterisks, as the forum filter censors any script tag)

But I'm not absolutely sure of this behaviour.
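
The decode-after-filter gap described in the post above, as an added example that is not part of the original thread or of CodeIgniter's code. The allowlist string, the helper names and the sample segment are assumptions made for illustration; harmless markup stands in for a script tag.

```php
<?php
// Added example. PERMITTED_URI_CHARS is an assumed allowlist modelled on a
// typical permitted-URI-characters setting; both helpers are hypothetical.
const PERMITTED_URI_CHARS = 'a-z 0-9~%.:_\-';

// True when every character of the segment is in the allowlist.
function segment_passes_filter(string $segment): bool
{
    return preg_match('/^[' . PERMITTED_URI_CHARS . ']+$/i', $segment) === 1;
}

// Encode a value for an HTML text or quoted-attribute context at output time.
function html_out(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Constructed sample: "<b>hello</b>", fully percent-encoded.
$raw = '%3Cb%3Ehello%3C%2Fb%3E';

// The raw segment contains only '%', digits and letters, so it passes.
$rawPasses = segment_passes_filter($raw);

// Decoding after the filter has run brings the markup characters back.
$decoded = rawurldecode($raw);

// Running the same allowlist on the decoded value rejects it.
$decodedPasses = segment_passes_filter($decoded);

// Whatever the filter decided, encode at the point of output.
$safe = html_out($decoded);

printf("raw segment     : %s\n", $raw);
printf("passes filter   : %s\n", $rawPasses ? 'yes' : 'no');
printf("after decoding  : %s\n", $decoded);
printf("decoded passes  : %s\n", $decodedPasses ? 'yes' : 'no');
printf("encoded for HTML: %s\n", $safe);
```

The character filter only sees the encoded form, so any value that is decoded later has to be validated again or, at minimum, encoded for the context it is written into.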

