Script execution through question field 13 years 9 months ago #1

  • M
  • Europe/Bucharest
  • Posts: 12
Hello,

today I came to work and got a call about a website with JAnswers which instead of opening was redirecting to www.google.com. I found out that a user tried a few scripting commands like these:

';alert(String.fromCharCode(88,83,83))//\';alert(String.fromCharCode(88,83,83))//";alert(String.fromCharCode(88,83,83))//\";alert(String.fromCharCode(88,83,83))//--></SCRIPT>">'><SCRIPT>alert(String.fromCharCode(88,83,83))</SCRIPT>

';window.location=www.delfi.lt)//\';window.location=www.delfi.lt//";window.location=www.delfi.lt//\";window.location=www.delfi.lt//--></SCRIPT>">'><SCRIPT>window.location=http://www.delfi.lt</SCRIPT>

'<script>document.location='www.google.com/'</script>;

With the last one the user managed to redirect the website to www.google.com. I believe that this is a serious security risk and it should be fixed. Any suggestions on how to prevent such things from happening ever again?
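The three probes above are the classic XSS test string: the `';...//\';...//";...//\";...//` prefix targets a value echoed inside a JavaScript string literal, while the trailing `--></SCRIPT>">'><SCRIPT>...</SCRIPT>` targets a value echoed into HTML. The page shows that JAnswers echoed the question field without encoding it for the context it landed in. The block below is an added example written for this page, not JAnswers' or Joomla's code: it embeds the three probes quoted in the post as constructed sample input and contrasts a hypothetical raw-interpolation template with the same template using context-appropriate encoding. `render_unsafe`, `render_safe`, `render_unsafe_in_js`, `render_safe_in_js`, `looks_like_xss_probe` and `script_block_count` are names invented here; in PHP the HTML-context fix is `htmlspecialchars($q, ENT_QUOTES, 'UTF-8')`.

```python
import html
import json
import re

# Constructed sample input: the three probes quoted in the post above,
# exactly as the user typed them into the question field.
PROBES = [
    "';alert(String.fromCharCode(88,83,83))//\\';alert(String.fromCharCode(88,83,83))//\";alert(String.fromCharCode(88,83,83))//\\\";alert(String.fromCharCode(88,83,83))//--></SCRIPT>\">'><SCRIPT>alert(String.fromCharCode(88,83,83))</SCRIPT>",
    "';window.location=www.delfi.lt)//\\';window.location=www.delfi.lt//\";window.location=www.delfi.lt//\\\";window.location=www.delfi.lt//--></SCRIPT>\">'><SCRIPT>window.location=http://www.delfi.lt</SCRIPT>",
    "'<script>document.location='www.google.com/'</script>;",
]

# Hypothetical templates standing in for the component's view layer.
HTML_PAGE = '<div class="question">{body}</div>'
SCRIPT_PAGE = '<script>var question = {js};</script>'


def render_unsafe(question: str) -> str:
    """Vulnerable HTML-body rendering: the stored field is interpolated as-is."""
    return HTML_PAGE.format(body=question)


def render_safe(question: str) -> str:
    """HTML-body rendering with output encoding.

    quote=True also turns ' and " into entities, so the same function is safe
    for attribute values (PHP: htmlspecialchars($q, ENT_QUOTES, 'UTF-8')).
    """
    return HTML_PAGE.format(body=html.escape(question, quote=True))


def render_unsafe_in_js(question: str) -> str:
    """Vulnerable JS-string rendering: the value is dropped between quotes.

    The first two probes break out of exactly this: a ' or " closes the
    literal and // comments out the rest of the line.
    """
    return SCRIPT_PAGE.format(js="'" + question + "'")


def render_safe_in_js(question: str) -> str:
    """JS-string rendering done right: JSON-encode the value (escapes quotes
    and backslashes) and split any '</' so a '</script>' inside the value
    cannot terminate the enclosing script block early."""
    return SCRIPT_PAGE.format(js=json.dumps(question).replace("</", "<\\/"))


# Heuristic used only for logging/alerting on submissions; it is not a
# substitute for encoding and will miss payloads that avoid these tokens.
_PROBE_RE = re.compile(
    r"<\s*/?\s*script\b|String\.fromCharCode|(?:window|document)\.location",
    re.IGNORECASE,
)


def looks_like_xss_probe(question: str) -> bool:
    """True when a submitted question contains the markers of an XSS probe."""
    return _PROBE_RE.search(question) is not None


def contains_live_script(rendered: str) -> bool:
    """True if a literal opening <script tag survives in HTML output."""
    return re.search(r"<\s*script\b", rendered, re.IGNORECASE) is not None


def script_block_count(rendered: str) -> int:
    """Number of real </script closers an HTML parser would see.

    A correctly encoded value inside SCRIPT_PAGE leaves exactly one (the
    template's own); '<\\/script>' is not counted because the backslash
    sits between '<' and '/'.
    """
    return len(re.findall(r"<\s*/\s*script\b", rendered, re.IGNORECASE))


if __name__ == "__main__":
    for p in PROBES:
        print("probe flagged:", looks_like_xss_probe(p))
        print("unsafe html executes:", contains_live_script(render_unsafe(p)))
        print("safe html executes:  ", contains_live_script(render_safe(p)))
        print("unsafe js blocks:", script_block_count(render_unsafe_in_js(p)),
              "safe js blocks:", script_block_count(render_safe_in_js(p)))
```

The point of keeping two encoders is that encoding is per output context: `html.escape` is correct for text between tags or inside a quoted attribute, but useless for a value emitted inside a `<script>` string, where the first two probes do their damage; there the value must be JS-string-encoded and the `</` sequence broken. Input filtering such as `looks_like_xss_probe` is worth having for detection, but the fix the post asks for is encoding at every place the question field is rendered.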

Re: Script execution through question field 13 years 9 months ago #2

  • Horatiu Brinza
  • The Factory's Development Team member.
  • Bucharest
  • Europe/Bucharest
  • Posts: 1425

LOCKED VIEW - ANSWERS ARE NOT VISIBLE

This is a private forum, open ONLY to licensed customers!


Don't be afraid to ask dumb questions. They're more easily handled than dumb mistakes.