What are the vulnerabilities related to PHP forms?

I wanted to know how my PHP form's data can be attacked by a hacker?
4 days ago in PHP by kartik
• 1,910 points

Hi,

The $_SERVER["PHP_SELF"] variable can be used by hackers!

If PHP_SELF is used in your page, then a user can enter a slash (/) followed by some Cross Site Scripting (XSS) commands to execute.

Cross-site scripting (XSS) is a type of computer security vulnerability typically found in Web applications. XSS enables attackers to inject client-side script into Web pages viewed by other users.

Assume we have the following form in a page named "test_form.php":

<form method="post" action="<?php echo $_SERVER["PHP_SELF"];?>">

Now, if a user enters the normal URL in the address bar like "http://www.edureka.com/test_form.php", the above code will be translated to:

<form method="post" action="test_form.php">

However, consider that a user enters the following URL in the address bar:

http://www.example.com/test_form.php/%22%3E%3Cscript%3Ealert('hacked')%3C/script%3E

In this case, the above code will be translated to:

<form method="post" action="test_form.php/"><script>alert('hacked')</script>

This code adds a script tag and an alert command. When the page loads, the JavaScript code will be executed (the user will see an alert box). This is just a simple and harmless example of how the PHP_SELF variable can be exploited.

Be aware that any JavaScript code can be added inside the <script> tag! A hacker can redirect the user to a file on another server, and that file can hold malicious code that can alter the global variables or submit the form to another address to save the user data.

If you want to know how these vulnerabilities can be avoided, see: PHP Form Security

answered 4 days ago by Niroj
• 3,230 points
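The following is an added example, not code from the answer above: it places the vulnerable form line from the answer next to a hardened version, using as input the same crafted path the answer describes. The `$phpSelf` value is a constructed stand-in for what `$_SERVER["PHP_SELF"]` would contain for that request, and the helper function names (`vulnerableForm`, `safeForm`, `scriptNameForm`, `containsLiveScriptTag`) are hypothetical names chosen for this example.

```php
<?php
// Added example (not from the original answer). Run from the command line:
//   php form_self.php

// Constructed sample: what $_SERVER["PHP_SELF"] would hold for the request
// http://www.example.com/test_form.php/%22%3E%3Cscript%3Ealert('hacked')%3C/script%3E
// (the web server URL-decodes PATH_INFO before PHP sees it).
$phpSelf = "/test_form.php/\"><script>alert('hacked')</script>";

// Vulnerable pattern from the answer: the value is echoed straight into an
// attribute, so the embedded quote closes the attribute and the <script>
// tag becomes live markup in the page.
function vulnerableForm(string $phpSelf): string
{
    return '<form method="post" action="' . $phpSelf . '">';
}

// Hardened version: htmlspecialchars() with ENT_QUOTES turns " into &quot;
// and < > into &lt; &gt;, so the entire value stays inside the attribute as
// inert text and the browser never sees a script tag.
function safeForm(string $phpSelf): string
{
    $action = htmlspecialchars($phpSelf, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    return '<form method="post" action="' . $action . '">';
}

// Alternative: do not use PHP_SELF at all. $_SERVER["SCRIPT_NAME"] is the
// script path without the attacker-controlled PATH_INFO suffix. It is still
// encoded, because every value placed in HTML should be encoded for its context.
function scriptNameForm(): string
{
    $scriptName = $_SERVER['SCRIPT_NAME'] ?? '';
    $action = htmlspecialchars($scriptName, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    return '<form method="post" action="' . $action . '">';
}

// Simple review check: does the rendered output contain a raw <script tag?
function containsLiveScriptTag(string $html): bool
{
    return stripos($html, '<script') !== false;
}

echo "Vulnerable: " . vulnerableForm($phpSelf) . PHP_EOL;
echo "Hardened:   " . safeForm($phpSelf) . PHP_EOL;
echo "SCRIPT_NAME based: " . scriptNameForm() . PHP_EOL;
echo "Live script tag in vulnerable output? "
    . (containsLiveScriptTag(vulnerableForm($phpSelf)) ? 'yes' : 'no') . PHP_EOL;
echo "Live script tag in hardened output?   "
    . (containsLiveScriptTag(safeForm($phpSelf)) ? 'yes' : 'no') . PHP_EOL;
```

The hardened output renders as `<form method="post" action="/test_form.php/&quot;&gt;&lt;script&gt;alert(&#039;hacked&#039;)&lt;/script&gt;">`: the form still has an odd action path, but nothing in it executes. Encoding at the point where a value is written into HTML is the general fix; which server variable you use only changes how much attacker-controlled text reaches that point.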
