
Archived

This topic is now archived and is closed to further replies.

raine

<script> parameter


I just started learning about regular expressions and was testing what I wrote to see if it was checking my parameters properly and ran into this problem. When I enter <script> as the parameter to pass, the server sends me a 406, saying that the data is not acceptable. I was wondering if this is by design, or if there is a fix for it.

Thanks

Wait... you're using a script tag for PHP?
Just use

<?php
php code here
?>

Oh, no no. My code is all in the <? php ?> tag.
What I meant was I was basically tampering with my own parameters in the URL.

For example, I typed http://<hostname>/page.php?param=<script> and the server gave me a 406. Actually, the string '<script' is already enough to cause the 406. I can't see how my code is giving me a 406 so I thought it might be the server's problem. Just wanted to see what others think and to see if there is a solution.

Are you putting HTML/JavaScript in the URL? Why are you trying to put HTML/JavaScript in the URL!

<script> tags and other URL-encoded variants of them are often injected into URL POST/GET parameters to perform XSS attacks on a website.
So I'm trying to come up with some countermeasures.

You could use regex and strip_tags on your $_GET variables if they enter it in the URL

[code]
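// Read the parameter (empty string if it is missing) and strip any HTML tags
$variable = strip_tags($_GET['url'] ?? '');
// Allow only letters, numbers and underscores
if (!preg_match('/^\w+$/', $variable)) {
    echo "Only use letters, numbers and underscores!"; // That's for what it says haha
}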
[/code]

Unless I read your last post wrong and this means nothing to you lol

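An added example, not part of any post in this thread: the allowlist idea from the last reply, written so that input is rejected rather than rewritten and the value is encoded when it is output. The function names `validate_param` and `render_param`, the 32-character limit and the sample inputs are assumptions made for illustration.

```php
<?php
// Added example (not from the thread): allowlist validation plus output encoding.
// validate_param(), render_param() and the sample inputs are constructed here.

function validate_param($raw, int $maxLen = 32): ?string
{
    // ?param[]=x arrives as an array; anything that is not a string is rejected.
    if (!is_string($raw) || $raw === '' || strlen($raw) > $maxLen) {
        return null;
    }
    // \A and \z anchor to the true start and end of the string. With '$' and
    // no D modifier, "abc\n" would pass, because '$' also matches just before
    // a final newline. The class is spelled out so that it does not depend on
    // the locale the way \w can.
    if (preg_match('/\A[A-Za-z0-9_]+\z/', $raw) !== 1) {
        return null;
    }
    return $raw;
}

function render_param($raw): string
{
    $value = validate_param($raw);
    if ($value === null) {
        return 'Only use letters, numbers and underscores!';
    }
    // Encode at output time even for validated input, so a later change to
    // the allowlist cannot turn into markup in the page.
    return 'param = ' . htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Constructed inputs, as PHP would present them in $_GET (already URL-decoded).
$samples = [
    'user_42',                  // plain identifier
    '<script>',                 // the string from the thread
    urldecode('%3Cscript%3E'),  // its URL-encoded variant, decoded as PHP would
    "user_42\n",                // trailing newline
    'a<b>c',                    // strip_tags() would silently turn this into "ac"
    ['x'],                      // ?param[]=x
];

foreach ($samples as $s) {
    printf("%-16s => %s\n", json_encode($s), render_param($s));
}
```

Only the first sample is accepted. Rejecting `a<b>c` outright, instead of stripping it to `ac` and then accepting it, keeps the value the application uses identical to the value the client sent.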
