
Rich Cannings, Himanshu Dwivedi, Zane Lackey, and Alex Stamos

"Hacking Exposed Web 2.0: Web 2.0 Security Secrets and Solutions"

<?php
// The page starts mid-script; these opening lines are reconstructed from the behaviour described below.
// The value of ?input= is written into the HTML without any encoding, which is the flaw this chapter is about.
if (isset($_GET['input'])) {
    $out = 'your input was: "' . $_GET['input'] . '".';
} else {
    $out = '<form method="GET">
enter some input here: ';
    $out .= '<input type="text" name="input">';
    $out .= '<input type="submit">';
    $out .= '</form>
';
}
print $out;
?>


Figure 2-1 illustrates how this page appears when this code is placed at http://public-pages.university.edu/~someuser/LearningPhp.php.

When the user clicks Submit Query, the web application makes the following GET request to the server:

http://public-pages.university.edu/~someuser/LearningPhp.php?input=blah

The PHP application sees that the user inputted blah and responds with the page shown in Figure 2-2. The HTML source code for Figure 2-2 is shown next, with the user input in boldface.


your input was: "blah".


Figure 2-1 A simple PHP script accepting user input (LearningPhp.php)
Figure 2-2 The response from LearningPhp.php after the user inputs "blah"

Chapter 2: Cross-Site Scripting
Note that the user can input anything he or she pleases, including markup that injects JavaScript into the page.
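As an added example that is not the book's code, the same script with the reflected value HTML-encoded before it is written into the page; the helper names (html_encode, render_page) and the sample input are this example's own, and the parameter name input comes from the request above.

```php
<?php
// Added example, not from the book: LearningPhp.php with output encoding.

// Encode a string for placement in HTML text or a double-quoted attribute.
function html_encode(string $value): string
{
    // ENT_QUOTES also converts ' and "; ENT_SUBSTITUTE keeps malformed UTF-8
    // from making htmlspecialchars() return an empty string.
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE | ENT_HTML5, 'UTF-8');
}

// Build the response body for a query array; same two branches as the original script.
function render_page(array $query): string
{
    if (isset($query['input']) && is_string($query['input'])) {
        // Same sentence as the original, but the user value is encoded first,
        // so " and < cannot close the quoted text or open a new tag.
        return 'your input was: "' . html_encode($query['input']) . '".';
    }
    return '<form method="GET">' . "\n"
        . 'enter some input here: '
        . '<input type="text" name="input">'
        . '<input type="submit">'
        . "</form>\n";
}

if (PHP_SAPI === 'cli') {
    // Constructed sample (not from the book): quotes and angle brackets are the
    // characters that let reflected input escape the HTML text context.
    $sample = ['input' => 'blah" <b>bold</b>'];
    echo render_page($sample), "\n";
} else {
    // Declare the charset so the browser does not guess the encoding.
    header('Content-Type: text/html; charset=UTF-8');
    print render_page($_GET);
}
?>
```

Run from the command line the sample input is reflected as literal text; served by a web server the script behaves like the original for ordinary input.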

