Anybody know what vulnerability this is looking for?


Mokita

11:43 am on Oct 11, 2006 (gmt 0)



<script src=http://example.js>jonny</script>

I found this posted in search forms on a couple of our sites.

A search in Google reveals it being posted to Blog comments and Guestbooks too, but no info about what they are probing for or what effect it has if or when executed.

I am wondering how to know if the search scripts we use are secure.

Sorry if this is the wrong forum, I couldn't work out where my question should go.

[edited by: trillianjedi at 4:03 pm (utc) on Oct. 11, 2006]
[edit reason] Examplifying - let's not spread the thing ;) [/edit]

Receptional Andy

3:58 pm on Oct 11, 2006 (gmt 0)



It looks like an attempted Cross Site Scripting (XSS) attack to see whether HTML posted into your form is printed onto the page. The script linked above is blank, so it's just a test case.

A quick vulnerability test would be to enter some html of your own into your form. If you put in the below it will give you an idea:

If <b>this text</b> is bold the script is potentially vulnerable.
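Added example, not code from the thread: a hypothetical search-results renderer in two forms (echoing the term raw, and HTML-escaping it), together with the self-test Andy describes, run as a function so the check can be pointed at whichever renderer a site uses.

```python
# Added example (not from the thread): a minimal, hypothetical search-results
# renderer in a reflected-XSS-prone form and a hardened form, plus the test
# from the reply above: submit harmless markup and see whether it comes back
# as live HTML or as escaped text.
import html

# The harmless probe suggested in the thread.
PROBE = "If <b>this text</b> is bold the script is potentially vulnerable."


def render_results_vulnerable(query: str) -> str:
    """Hypothetical bad renderer: the search term is pasted straight into the
    page, so any tags the visitor typed become part of the document."""
    return f"<p>Results for: {query}</p>"


def render_results_safe(query: str) -> str:
    """Same page, but the term is HTML-escaped before it is placed in markup,
    so <, >, &, " and ' are shown as text instead of being interpreted.
    (Escaping for element content; attribute, URL and script contexts need
    their own context-appropriate encoding.)"""
    return f"<p>Results for: {html.escape(query, quote=True)}</p>"


def reflects_raw_html(render) -> bool:
    """Return True if the renderer prints submitted markup back unescaped.
    A page whose source still contains the literal <b> tag is at risk of
    reflected XSS; one that emits &lt;b&gt; instead passes the check."""
    page = render(PROBE)
    return "<b>this text</b>" in page


if __name__ == "__main__":
    for name, fn in (("vulnerable", render_results_vulnerable),
                     ("safe", render_results_safe)):
        print(f"{name} renderer reflects raw HTML: {reflects_raw_html(fn)}")
```

The same idea applies to a live form: submit the probe, then view the page source (not the rendered page) and look for whether the `<b>` tag survived or was turned into `&lt;b&gt;`.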

Mokita

9:41 pm on Oct 11, 2006 (gmt 0)



Thanks Andy! Very helpful reply.