0

I was playing with OWASP Mutillidae II and on one page I found a vulnerability. In the address bar I wrote something like this:

127.0.0.1/.../?page=text-file-viewer.php/"><script>alert("test");</script>

The alert box pops up, but I don't understand why. I know what happens if I put this code in an input form, but I don't know what the address bar does! How does the address bar process the string that it gets? Why does my code work if I put it in the address bar?

Anders
malloc

2 Answers

2

The address bar doesn't do anything. It's the web application which apparently takes the URL and inserts it right into the HTML markup, leading to a cross-site scripting vulnerability.

This happens either server-side or client-side: Either the PHP script delivers the page with the URL already in it, or there's a piece of JavaScript code which injects the URL after your browser has received the HTML document.

Fleche
1

That is the same as filling a form which has an input field named page with the following data

text-file-viewer.php/"><script>alert("test");</script>

If you get the alert pop-up, the server is writing the user input as is.

NuTTyX
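
Both answers describe the application echoing the page value into its HTML unchanged. The sketch below is an added example, not Mutillidae's code and not written by either answerer; the link template, the index.php path and all function names are assumptions. It shows the raw echo next to an output-encoded version, using the value from the question.

```javascript
// Constructed request: the value from the question, percent-encoded the way a
// browser sends it. Host and path are placeholders (assumptions).
const SAMPLE_URL = 'http://127.0.0.1/index.php?page=' +
  encodeURIComponent('text-file-viewer.php/"><script>alert("test");</script>');

// The address bar only transmits the URL; the application decodes the parameter.
function pageParam(url) {
  return new URL(url).searchParams.get('page') ?? '';
}

// Hypothetical template (assumption): the value is echoed inside an attribute.
// Vulnerable form: raw concatenation, so `">` closes the attribute and the tag.
function renderUnsafe(page) {
  return `<a href="index.php?page=${page}">reload</a>`;
}

// Encode the five characters that are significant in HTML text and attributes.
function escapeHtml(text) {
  const map = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
  return text.replace(/[&<>"']/g, (ch) => map[ch]);
}

// Hardened form: URL-encode for the query string, then HTML-encode for the attribute.
function renderSafe(page) {
  return `<a href="index.php?page=${escapeHtml(encodeURIComponent(page))}">reload</a>`;
}

// Defender's check: does the rendered markup contain a tag the template never wrote?
function hasInjectedScript(html) {
  return /<script\b/i.test(html);
}

const page = pageParam(SAMPLE_URL);
console.log(hasInjectedScript(renderUnsafe(page)), renderUnsafe(page));
console.log(hasInjectedScript(renderSafe(page)), renderSafe(page));
```

The same encoding rule applies when a client-side script writes the value into the document, the second case the first answer mentions.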