InformAction Forums

NoScripters and WebSec nerds of all lands, unite!
https://forums.informaction.com/

contact form

https://forums.informaction.com/viewtopic.php?t=2791

Page 1 of 1

contact form

Posted: Tue Oct 06, 2009 4:47 pm
by Konrad
I have one account where I can run cgi-programs ans some other where not.
On the first account I have a Perl-Program which handles the contact-form for all my homepages.
The latter call the Perl-Program by the form-tag with the post-command.
Some users now have problems, since NoScript notes
[NoScript XSS] Ein verdächtiger Upload zu [http://www.beinahe-gratis.de/cgi-bin/index.pl] von [http://www.skuriles.de/] wurde bereinigt und in eine GET-Anfrage (nur Download) umgewandelt.
What can I do?

Re: contact form

Posted: Tue Oct 06, 2009 5:14 pm
by Giorgio Maone
You've got three choices, either
  1. put the Perl program on the same domain of the page calling it, or
  2. tell your users to whitelist www.beinahe-gratis.de or
  3. use GET instead of POST as the form method.
All times are UTC
Page 1 of 1

Powered by phpBB® Forum Software © phpBB Limited