Kryptix Posted November 4, 2011 Share Posted November 4, 2011 Er, when you go to page.html/1 on my website it takes the CSS away. Someone found out an XSS exploit as I was taking the page title from the file name, and they done page.html/1/</title><javascript... I noticed on lots of websites you can add / after page names and mess things up. Is there anyway to disable this or a work around using lighttpd? Quote Link to comment Share on other sites More sharing options...
Pikachu2000 Posted November 4, 2011 Share Posted November 4, 2011 Is register_globals set to On in your php.ini file, by chance? Quote Link to comment Share on other sites More sharing options...
Kryptix Posted November 4, 2011 Author Share Posted November 4, 2011 Is register_globals set to On in your php.ini file, by chance? Nope, they're set to off Quote Link to comment Share on other sites More sharing options...
Kryptix Posted November 5, 2011 Author Share Posted November 5, 2011 Anyone? Quote Link to comment Share on other sites More sharing options...
Pikachu2000 Posted November 5, 2011 Share Posted November 5, 2011 You should probably post the code that exhibits the problem. Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.