security issue?

dps1

Newbie

Join Date: Apr 2006

Posts: 46
- Share
- Tweet
#1

security issue?

Nov-07-2006, 03:41 PM

In my search logs, I have a few instances of users attempting to execute what looks like a remote javascript file.

e.g.

<script src=http usuc.us j.php>jonny< script>

Is this something we should be concerned about?

Guess this isn't a javascript, but a php. But, same sort of question. Is it possible to conduct a search and attempt to execute server-side functions like asp or php in such a manner?

Last edited by dps1; Nov-07-2006, 03:47 PM. Reason: Not javascript but php...but same question
Tags: None
David

Administrator

Join Date: Dec 2004

Posts: 4708
- Share
- Tweet
#2

Nov-07-2006, 07:44 PM

No need to be concerned. We are aware of people trying simple tricks like this. The input string is never executed and the HTML output is encoded to look like this,
....j.php>jonny< script>......
Which prevent browsers treating the string like code.

There are no security issues in V4.2 and V5 Beta that we are aware of at the moment.
Comment

Announcement