What are the vulnerabilities related to PHP forms?

0 votes
I wanted to know how my PHP form's data can be attacked by a hacker.
Feb 13 in PHP by kartik
• 10,760 points
65 views

1 answer to this question.

0 votes

Hi,

The $_SERVER["PHP_SELF"] variable can be used by hackers!

If PHP_SELF is used in your page, then a user can enter a slash (/) followed by some Cross-Site Scripting (XSS) commands to execute.

Cross-site scripting (XSS) is a type of computer security vulnerability typically found in Web applications. XSS enables attackers to inject client-side script into Web pages viewed by other users.

Assume we have the following form in a page named "test_form.php":

<form method="post" action="<?php echo $_SERVER["PHP_SELF"];?>">

Now, if a user enters the normal URL in the address bar like "http://www.edureka.com/test_form.php", the above code will be translated to:

<form method="post" action="test_form.php">

However, consider that a user enters the following URL in the address bar:

http://www.example.com/test_form.php/%22%3E%3Cscript%3Ealert('hacked')%3C/script%3E

In this case, the above code will be translated to:

<form method="post" action="test_form.php/"><script>alert('hacked')</script>

This code adds a script tag and an alert command. And when the page loads, the JavaScript code will be executed (the user will see an alert box). This is just a simple and harmless example of how the PHP_SELF variable can be exploited.

Be aware that any JavaScript code can be added inside the <script> tag! A hacker can redirect the user to a file on another server, and that file can hold malicious code that can alter the global variables or submit the form to another address to save the user data.

If you want to know how these vulnerabilities can be prevented, see PHP Form Security.

answered Feb 13 by Niroj
• 21,680 points
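As an added example (not part of Niroj's answer), the script below renders the same form tag three ways: the vulnerable echo of $_SERVER["PHP_SELF"] from the answer, the usual fix of passing the value through htmlspecialchars() with ENT_QUOTES so the injected quote and angle brackets are encoded and stay inside the attribute, and an alternative that does not echo the request path at all and posts to the script name only. The value assigned to $_SERVER['PHP_SELF'] is the URL from the answer after URL-decoding, constructed here so the script can be run from the command line; the renderFormFixedAction() helper and its 'test_form.php' fallback are assumptions for this demo.

```php
<?php
// Added example, not code from the original answer.
// Shows the PHP_SELF injection described above and two defences.

declare(strict_types=1);

/** Vulnerable: writes PHP_SELF unescaped into an HTML attribute. */
function renderFormUnsafe(string $phpSelf): string
{
    return '<form method="post" action="' . $phpSelf . '">';
}

/**
 * Hardened: escape for an HTML attribute context. ENT_QUOTES encodes both
 * double and single quotes, so the value cannot break out of action="...".
 */
function renderFormSafe(string $phpSelf): string
{
    $escaped = htmlspecialchars($phpSelf, ENT_QUOTES | ENT_HTML5, 'UTF-8');
    return '<form method="post" action="' . $escaped . '">';
}

/**
 * Alternative (assumed helper, not from the answer): never echo the request
 * path; post back to the script's own file name, still escaped.
 */
function renderFormFixedAction(): string
{
    // 'test_form.php' is a constructed fallback for running outside a web server.
    $script = basename($_SERVER['SCRIPT_NAME'] ?? 'test_form.php');
    return '<form method="post" action="'
        . htmlspecialchars($script, ENT_QUOTES | ENT_HTML5, 'UTF-8') . '">';
}

// Constructed request path: what PHP_SELF holds for the URL in the answer
// (http://www.example.com/test_form.php/%22%3E%3Cscript%3Ealert('hacked')%3C/script%3E)
// once the %22 %3E %3C sequences are decoded.
$_SERVER['PHP_SELF'] = 'test_form.php/"><script>alert(\'hacked\')</script>';

echo 'Unsafe: ' . renderFormUnsafe($_SERVER['PHP_SELF']) . PHP_EOL;
echo 'Safe:   ' . renderFormSafe($_SERVER['PHP_SELF']) . PHP_EOL;
echo 'Fixed:  ' . renderFormFixedAction() . PHP_EOL;
```

Run it with `php test_form_demo.php`: the first line shows the closed attribute followed by a live script tag, the second keeps the whole payload inside the attribute as &quot;, &lt; and &gt; entities, and the third contains no user-controlled data at all. Escaping must match the output context (attribute here), which is why ENT_QUOTES matters; the default flags leave single quotes alone.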
