What are the vulnerabilities related to PHP forms?

0 votes
I wanted to know how my PHP form's data can be attacked by a hacker?
Feb 13, 2020 in PHP by kartik
• 37,520 points
3,177 views

1 answer to this question.

0 votes

Hi,

The $_SERVER["PHP_SELF"] variable can be used by hackers!

If PHP_SELF is used in your page then a user can enter a slash (/) and then some Cross Site Scripting (XSS) commands to execute.

Cross-site scripting (XSS) is a type of computer security vulnerability typically found in Web applications. XSS enables attackers to inject client-side script into Web pages viewed by other users.

Assume we have the following form in a page named "test_form.php":

<form method="post" action="<?php echo $_SERVER["PHP_SELF"];?>">

Now, if a user enters the normal URL in the address bar like "http://www.edureka.com/test_form.php", the above code will be translated to:

<form method="post" action="test_form.php">

However, consider that a user enters the following URL in the address bar:

http://www.example.com/test_form.php/%22%3E%3Cscript%3Ealert('hacked')%3C/script%3E

In this case, the above code will be translated to:

<form method="post" action="test_form.php/"><script>alert('hacked')</script>

This code adds a script tag and an alert command. And when the page loads, the JavaScript code will be executed (the user will see an alert box). This is just a simple and harmless example of how the PHP_SELF variable can be exploited.

Be aware that any JavaScript code can be added inside the <script> tag! A hacker can redirect the user to a file on another server, and that file can hold malicious code that can alter the global variables or submit the form to another address to save the user data.

If you want to know how these vulnerabilities can be discarded - PHP Form Security

answered Feb 13, 2020 by Niroj
• 82,840 points
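
One common way to close the hole described in the answer above, shown as an added example that is not part of the original post: the same form tag built without and with output encoding via `htmlspecialchars()`. The function names and the sample `PHP_SELF` value are constructed for illustration.

```php
<?php
// Added example, not code from the original answer.
// Constructed sample: the kind of value $_SERVER["PHP_SELF"] holds when the
// URL from the answer is requested (the trailing path info arrives decoded).
$phpSelf = "/test_form.php/\"><script>alert('hacked')</script>";

// Vulnerable form from the answer: the value is echoed into the attribute as-is.
function form_tag_vulnerable(string $self): string
{
    return '<form method="post" action="' . $self . '">';
}

// Hardened: encode HTML metacharacters (&, <, >, ", ') so the value
// cannot close the action attribute or open a new tag.
function form_tag_escaped(string $self): string
{
    $safe = htmlspecialchars($self, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    return '<form method="post" action="' . $safe . '">';
}

// Alternative: SCRIPT_NAME contains only the script path, without the
// user-controlled trailing path info. It is still encoded on output.
function form_tag_script_name(string $scriptName): string
{
    return form_tag_escaped($scriptName);
}

// Simple check: did a live <script> tag end up in the generated markup?
function contains_script_tag(string $html): bool
{
    return stripos($html, '<script') !== false;
}

$variants = [
    'vulnerable'  => form_tag_vulnerable($phpSelf),
    'escaped'     => form_tag_escaped($phpSelf),
    'script_name' => form_tag_script_name('/test_form.php'),
];

foreach ($variants as $label => $html) {
    printf("%-12s script tag injected: %s\n", $label,
        contains_script_tag($html) ? 'yes' : 'no');
    echo "  ", $html, "\n";
}
```

In a real page the hardened variant corresponds to writing `action="<?php echo htmlspecialchars($_SERVER["PHP_SELF"], ENT_QUOTES, 'UTF-8'); ?>"` in the template.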
