Solved

XSS

Posted on 2009-04-02
1
206 Views
Last Modified: 2012-05-06
Dear all,

I click this link by mistake,

What does this link do? It didn't opened a page or and alert
Does it harmful?

http://www.phpnuke.org/user.php?op=userinfo&uname=<script>alert(document.cookie);</script>
0
Comment
Question by:Braveheartli
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
1 Comment
 
LVL 6

Accepted Solution

by:
mosidiot earned 500 total points
ID: 24048649
Nope... Not at all..

First of all, phpnuke is a official clean domain for php addon portal download and stuff, it wouldn't contain anything harmful..

Secondly, <script>alert(document.cookie);</script> doesn't do any harm and even it contain malicious script e.g. the cookie content is something like:
);</script><script>do something bad here;alert("again"

at most the whole thing will look like:

<script>alert();</script><script>do something bad here;alert("again");</script>

But don't forget cookie are only allowed to store a maximum of 3kb of data, that include it's own preset data and etc. I don't believe how harmful can a hundred line of code can do to your computer...

As long as it doesn't prompt you to download and open any file, you should be quite safe...
0

Featured Post

Get 15 Days FREE Full-Featured Trial

Benefit from a mission critical IT monitoring with Monitis Premium or get it FREE for your entry level monitoring needs.
-Over 200,000 users
-More than 300,000 websites monitored
-Used in 197 countries
-Recommended by 98% of users

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Introduction Knockoutjs (Knockout) is a JavaScript framework (Model View ViewModel or MVVM framework).   The main ideology behind Knockout is to control from JavaScript how a page looks whilst creating an engaging user experience in the least …
SASS allows you to treat your CSS code in a more OOP way. Let's have a look on how you can structure your code in order for it to be easily maintained and reused.
The viewer will learn how to dynamically set the form action using jQuery.
The viewer will learn how to create a basic form using some HTML5 and PHP for later processing. Set up your basic HTML file. Open your form tag and set the method and action attributes.: (CODE) Set up your first few inputs one for the name and …
Suggested Courses

635 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question