Hello,
today I came to work and got a call about a website with JAnswers which instead of opening was redirecting to www.google.com. I found out that a user tried a few scripting commands like these:
';alert(String.fromCharCode(88,83,83))//\';alert(String.fromCharCode(88,83,83))//";alert(String.fromCharCode(88,83,83))//\";alert(String.fromCharCode(88,83,83))//--></SCRIPT>">'><SCRIPT>alert(String.fromCharCode(88,83,83))</SCRIPT>
';window.location=www.delfi.lt)//\';window.location=www.delfi.lt//";window.location=www.delfi.lt//\";window.location=www.delfi.lt//--></SCRIPT>">'><SCRIPT>window.location=http://www.delfi.lt</SCRIPT>
'<script>document.location='www.google.com/'</script>
With the last one, the user managed to redirect the website to www.google.com. I believe that this is a serious security risk and it should be fixed. Any suggestions on how to prevent such things from happening ever again?
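
Added example, not part of the original post and not JAnswers code: the behaviour described above is stored cross-site scripting, and the standard mitigation is to HTML-encode user-submitted text when it is written into the page. The sketch below renders two of the quoted strings with and without encoding and parses the result; `TEMPLATE`, `render_unsafe`, `render_safe` and `parse` are hypothetical names, and Python stands in for whatever language the site uses.

```python
import html
from html.parser import HTMLParser

# Two of the strings quoted in the post, reused as input.
PAYLOADS = [
    "'<script>document.location='www.google.com/'</script>",
    "\">'><SCRIPT>alert(String.fromCharCode(88,83,83))</SCRIPT>",
]

# Hypothetical page fragment; the real JAnswers template is not shown in the post.
TEMPLATE = '<div class="answer">{body}</div>'


def render_unsafe(body: str) -> str:
    """The bug: stored user text is pasted into the page as markup."""
    return TEMPLATE.format(body=body)


def render_safe(body: str) -> str:
    """The fix: encode & < > " ' at output time so the text stays text."""
    return TEMPLATE.format(body=html.escape(body, quote=True))


class Collector(HTMLParser):
    """Records which elements and which visible text a parser sees."""

    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.tags, self.text = [], []

    def handle_starttag(self, tag, attrs):
        self.tags.append(tag)

    def handle_data(self, data):
        self.text.append(data)


def parse(markup: str):
    """Return (element names, visible text) for a rendered fragment."""
    c = Collector()
    c.feed(markup)
    c.close()
    return c.tags, "".join(c.text)


if __name__ == "__main__":
    for p in PAYLOADS:
        print("unsafe:", parse(render_unsafe(p))[0])
        print("safe:  ", parse(render_safe(p)))
```

With encoding applied, the only element left is the template's own `div`, and the visitor sees the submitted string as literal text instead of having it executed.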