Solved

XSS

Posted on 2009-04-02
1
205 Views
Last Modified: 2012-05-06
Dear all,

I click this link by mistake,

What does this link do? It didn't opened a page or and alert
Does it harmful?

http://www.phpnuke.org/user.php?op=userinfo&uname=<script>alert(document.cookie);</script>
0
Comment
Question by:Braveheartli
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
1 Comment
 
LVL 6

Accepted Solution

by:
mosidiot earned 500 total points
ID: 24048649
Nope... Not at all..

First of all, phpnuke is a official clean domain for php addon portal download and stuff, it wouldn't contain anything harmful..

Secondly, <script>alert(document.cookie);</script> doesn't do any harm and even it contain malicious script e.g. the cookie content is something like:
);</script><script>do something bad here;alert("again"

at most the whole thing will look like:

<script>alert();</script><script>do something bad here;alert("again");</script>

But don't forget cookie are only allowed to store a maximum of 3kb of data, that include it's own preset data and etc. I don't believe how harmful can a hundred line of code can do to your computer...

As long as it doesn't prompt you to download and open any file, you should be quite safe...
0

Featured Post

Independent Software Vendors: We Want Your Opinion

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Article by: Matthew
I am a very big proponent of technology compliance standards and strive to meet such criteria in all of my work. That includes my site, which is 100% XHTML 1.0 compliant as determined by the World Wide Web Consortium. https://www.matthewstevenkel…
This article covers the basics of the Sass, which is a CSS extension language. You will learn about variables, mixins, and nesting.
Viewers will learn one way to get user input in Java. Introduce the Scanner object: Declare the variable that stores the user input: An example prompting the user for input: Methods you need to invoke in order to properly get  user input:
HTML5 has deprecated a few of the older ways of showing media as well as offering up a new way to create games and animations. Audio, video, and canvas are just a few of the adjustments made between XHTML and HTML5. As we learned in our last micr…

733 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question