Cross-site scripting flaw

Author: Tak. Category: DatalifeEngine Help. 7 September 2006.
Problem: the value of $_SERVER['PHP_SELF'] is used without filtering (reflected cross-site scripting)
Affected versions: 4.5, 4.3, 4.2
Hazard level: Low

Open index.php and find:
$config['http_home_url'] = str_replace ('index.php', '', $_SERVER['PHP_SELF']);

Replace with:
$config['http_home_url'] = str_replace ('index.php', '', htmlspecialchars(strip_tags($_SERVER['PHP_SELF'])));
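Why this line is exploitable, shown as an added example that is not part of this post and not DataLife Engine's own code: under Apache with mod_php, PHP_SELF is the script path plus any extra path info, so a request for /index.php/<payload> makes $_SERVER['PHP_SELF'] carry the payload into $config['http_home_url'], and from there into every template that prints it. The script below feeds constructed PHP_SELF values through the original line, the patched line from this post, and a stricter variant of my own (the home_url_* function names, the sample requests and the surrounding <base>/<a> markup are assumptions for illustration).

```php
<?php
// Added example, not code from the DataLife Engine source or from this post's author.
// Assumption: the web server accepts path info, so a request for /index.php/<payload>
// gives PHP_SELF = "/index.php/<payload>" (the default for Apache + mod_php).

// The original line from index.php (vulnerable).
function home_url_vulnerable(string $phpSelf): string
{
    return str_replace('index.php', '', $phpSelf);
}

// The patched line from this post.
function home_url_patched(string $phpSelf): string
{
    return str_replace('index.php', '', htmlspecialchars(strip_tags($phpSelf)));
}

// Stricter variant (an assumption of this example, not from the post): ENT_QUOTES
// also encodes the single quote, which the default flags of PHP < 8.1 leave alone.
function home_url_strict(string $phpSelf): string
{
    return str_replace('index.php', '', htmlspecialchars($phpSelf, ENT_QUOTES, 'UTF-8'));
}

// Constructed sample values of $_SERVER['PHP_SELF'].
$samples = [
    'clean request'         => '/index.php',
    'double-quote breakout' => '/index.php/"><script>alert(1)</script>',
    'single-quote breakout' => "/index.php/'onmouseover='alert(1)",
];

foreach ($samples as $label => $phpSelf) {
    echo "== $label ==\n";
    echo 'PHP_SELF   : ' . $phpSelf . "\n";
    // A template printing the value inside a double-quoted attribute:
    // the vulnerable line lets "><script> close the tag and run script,
    // the patched line yields /&quot;&gt;alert(1) (tags stripped, quotes encoded).
    echo 'vulnerable : <base href="' . home_url_vulnerable($phpSelf) . "\">\n";
    echo 'patched    : <base href="' . home_url_patched($phpSelf) . "\">\n";
    // A template printing it inside a single-quoted attribute: on PHP < 8.1 the
    // patched line leaves the ' intact, so the value still breaks out; on PHP >= 8.1
    // the default flags include ENT_QUOTES and it is encoded as &#039; either way.
    echo "patched    : <a href='" . home_url_patched($phpSelf) . "'>\n";
    echo "strict     : <a href='" . home_url_strict($phpSelf) . "'>\n";
}
```

Run it with `php example.php` and compare the three lines per sample. Two caveats for anyone applying the fix: htmlspecialchars() without ENT_QUOTES only covers double-quoted contexts on the PHP versions current in 2006, so pass ENT_QUOTES if http_home_url is ever printed inside a single-quoted attribute; and the patch only sanitizes this one assignment, whereas the durable fix is not to derive the site URL from request-controlled data at all but to set it from configuration.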
 
Comments

(Member, joined 21.07.2006): wink

#1 ViC (Member, joined 3.09.2006):
You good, man!
Thanks for all your hard work.
vic biggrin
