Good question @Frank, and yes it is. Cheers Murray
On Wed, 15 Nov 2023 at 07:36, Frank Gingras <thu...@apache.org> wrote: > To be clear, is sobs.com.au your domain name? > > On Tue, Nov 14, 2023 at 1:26 PM Murray Collingwood < > mur...@focus-computing.com.au> wrote: > >> Hi folks >> >> First time poster. I recently became aware that hackers were able to >> include scripts in my URLs that would run (when reflected back to the >> client web browser). >> >> Is there a simple configuration in Apache that allows me to apply strict >> rules to the URLs that would stop this happening? >> >> Alternatively, is there something I have opened / allowed that enables >> this? >> >> For example: >> https://sobs.com.au/ui/appwaz.php/jiwzk%22onload%3d%22alert(1)%22tyysj >> >> >> Hope you can help. >> >> Cheers >> Murray >> >> >> -- >> Murray Collingwood >> Focus Computing >> >> Australia ph 07 3175 0575 >> New Zealand ph 03 928 1699 >> >> http://www.focus-computing.com.au >> >> -- Murray Collingwood Focus Computing Australia ph 07 3175 0575 New Zealand ph 03 928 1699 http://www.focus-computing.com.au