Sign Up to our social questions and Answers Engine to ask questions, answer people’s questions, and connect with other people.
Login to our social questions & Answers Engine to ask questions answer people’s questions & connect with other people.
Lost your password? Please enter your email address. You will receive a link and will create a new password via email.
Please briefly explain why you feel this question should be reported.
Please briefly explain why you feel this answer should be reported.
Please briefly explain why you feel this user should be reported.
I am accepting user text in a form and echoing it back on the page (the code goes to the database as well but that is prepared queries so no worries there). I wanted to know if there are any possible security implications that can be caused by it? On the server side I mean, i know on the client side you can break but can you reach server side?
I need to know if something like eval can be possibly done with this case.
The scenario you explained is called XSS. It is possible to compromise your server with the help of an XSS vulnerability, but it does need other things to fall in place.
Say you have an administrator account that has permissions to make configuration changes to your server over the web. Now, if an attacker creates a XSS link and somehow gets the administrator to click it, his account would be compromised.
Once the attacker has administrator access, he can systematically take control of the entire system. This happened recently with Apache – read their article on it. It is the best write-up on a security incident I have ever seen, you will learn a lot from it.