deregular
« Reply #45 on: August 27, 2009, 02:58:28 AM »

Oh I see what you mean.
Possible when echoing the referrer out without sanitising, gotcha.

vsloathe
« Reply #46 on: August 27, 2009, 04:41:10 AM »

Not just echo - you can do script injection easily if it's being echoed, but code injection is much more of a threat than script injection, and script injection is much easier if you're doing some operations on the $_SERVER['HTTP_REFERER']. That's why it's wise to handle that piece only once, and with a tight regex. Webmasters frequently neglect to think of things like the referer and even the IP address as user-supplied, but they are.

hai
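As an added example (not code from this thread or from any poster), here is what "handle that piece only once, and with a tight regex" can look like in PHP: the three client-influenced fields named above (referrer, user agent, client IP) are normalised in one function per request, and the rest of the application only ever sees the cleaned value or null. The function names, the patterns and the sample request arrays are this example's own choices.

```php
<?php
declare(strict_types=1);
// Added example, not code from the thread: normalise the client-influenced
// request fields exactly once. Everything downstream uses the returned array
// and never reads $_SERVER again. Names and patterns are this example's own.

/** Referrer: plain http(s) URL with a DNS-style host and a conservative path charset, else null. */
function cleanReferer(?string $raw): ?string
{
    if ($raw === null || strlen($raw) > 2048) {
        return null;
    }
    // One tight pattern, applied in one place. Anything outside it (quotes,
    // angle brackets, control characters, userinfo, IP literals) is rejected.
    $pattern = '#^(https?)://((?:[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?\.)+[a-z]{2,63})(:\d{1,5})?(/[a-z0-9._~%/?=&+-]*)?$#i';
    if (!preg_match($pattern, $raw, $m)) {
        return null;
    }
    // Canonical form: lower-case scheme and host; port and path kept as given.
    return strtolower($m[1]) . '://' . strtolower($m[2]) . ($m[3] ?? '') . ($m[4] ?? '');
}

/** User-Agent: bounded length and only the printable characters seen in real UA strings, else null. */
function cleanUserAgent(?string $raw): ?string
{
    if ($raw === null || !preg_match('#^[A-Za-z0-9 .,;:/()_+@\[\]-]{1,512}$#', $raw)) {
        return null;
    }
    return $raw;
}

/** Client IP: REMOTE_ADDR comes from the socket, but any forwarded-for style
 *  header is client-supplied, so validate whichever one the application uses. */
function cleanClientIp(?string $raw): ?string
{
    if ($raw === null) {
        return null;
    }
    $ip = filter_var(trim($raw), FILTER_VALIDATE_IP, FILTER_FLAG_IPV4 | FILTER_FLAG_IPV6);
    return $ip === false ? null : $ip;
}

/** The single entry point: call once per request and pass the result around. */
function requestContext(array $server): array
{
    return [
        'referer'    => cleanReferer($server['HTTP_REFERER'] ?? null),
        'user_agent' => cleanUserAgent($server['HTTP_USER_AGENT'] ?? null),
        'client_ip'  => cleanClientIp($server['REMOTE_ADDR'] ?? null),
    ];
}

// Constructed sample requests (not real traffic); in production pass $_SERVER.
$samples = [
    'benign'  => [
        'HTTP_REFERER'    => 'https://Example.com/page?id=42',
        'HTTP_USER_AGENT' => 'Mozilla/5.0 (Windows NT 6.1; WOW64) Firefox/3.5',
        'REMOTE_ADDR'     => '203.0.113.7',
    ],
    'hostile' => [
        'HTTP_REFERER'    => 'http://evil.example/"><script>alert(1)</script>',
        'HTTP_USER_AGENT' => "curl/7.19\r\nX-Injected: yes",
        'REMOTE_ADDR'     => '203.0.113.7, 127.0.0.1',
    ],
];
foreach ($samples as $label => $server) {
    echo $label, ': ', json_encode(requestContext($server), JSON_UNESCAPED_SLASHES), "\n";
}
```

The benign request comes back with a lower-cased host and its path intact; every field of the hostile one comes back null, because the patterns are allow-lists rather than blacklists of known-bad characters. Returning null for a rejected user agent is a design choice: a stats page that wants to count such visitors can store a fixed marker like "invalid" for them instead, but the raw string should never travel further than this function.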
patch
« Reply #47 on: August 27, 2009, 05:01:38 AM »

So the same would go for user-agent and anything else that can be set by using curl and others then...
I could be happily running a little stats query on distinct user agents and echoing out values, counts etc... and then wonder why the lights went out??

vsloathe
« Reply #48 on: August 27, 2009, 05:56:27 AM »

Just don't trust anything from the user: scrub out the obvious things that shouldn't be there, or run it through htmlentities to neuter any injection attempts. But again, don't count on someone else's code to make you safe; there are ways I can get code through that will work properly when entity-ized.
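As an added example (not code from the thread), here is the "little stats query on distinct user agents" from patch's question, written so that the raw header can neither reach the database as query text nor reach the browser as markup. It also shows the practical side of the warning above about not relying on a single entity-izing call: escaping is per output context, so the HTML table uses htmlspecialchars while the JavaScript data blob uses a JSON encoder with hex-escaping flags instead. The example uses PDO with an in-memory SQLite database (assumes the pdo_sqlite extension) so it runs stand-alone; the table, column and function names and the sample hits are this example's own.

```php
<?php
declare(strict_types=1);
// Added example, not code from the thread: a user-agent stats page built so
// the header is only ever data. Names below are this example's own choices.

function openStatsDb(): PDO
{
    $db = new PDO('sqlite::memory:');
    $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $db->exec('CREATE TABLE hits (id INTEGER PRIMARY KEY, user_agent TEXT NOT NULL, seen_at TEXT NOT NULL)');
    return $db;
}

function recordHit(PDO $db, string $userAgent): void
{
    // Bound parameter: the UA reaches SQL as a value, never as part of the query text.
    $stmt = $db->prepare('INSERT INTO hits (user_agent, seen_at) VALUES (:ua, :ts)');
    $stmt->execute([':ua' => substr($userAgent, 0, 512), ':ts' => gmdate('c')]);
}

function userAgentCounts(PDO $db): array
{
    $rows = $db->query('SELECT user_agent, COUNT(*) AS n FROM hits GROUP BY user_agent ORDER BY n DESC, user_agent')
               ->fetchAll(PDO::FETCH_ASSOC);
    foreach ($rows as &$r) {
        $r['n'] = (int) $r['n'];   // drivers may hand counts back as strings
    }
    unset($r);
    return $rows;
}

function h(string $s): string
{
    // Escaper for HTML text and double-quoted attribute context only.
    // ENT_SUBSTITUTE keeps malformed UTF-8 from silently blanking a whole row.
    return htmlspecialchars($s, ENT_QUOTES | ENT_SUBSTITUTE | ENT_HTML5, 'UTF-8');
}

function renderHtml(array $rows): string
{
    $out = "<table>\n";
    foreach ($rows as $r) {
        $ua = h($r['user_agent']);
        $out .= "<tr><td title=\"{$ua}\">{$ua}</td><td>{$r['n']}</td></tr>\n";
    }
    return $out . "</table>\n";
}

function renderScript(array $rows): string
{
    // <script> context: entity escaping is the wrong tool here (script content
    // is not entity-decoded, so &lt; would stay in the data). JSON with <, >, &
    // and both quote characters hex-escaped cannot close the element or break
    // out of the string literal, and JavaScript reads it back unchanged.
    $json = json_encode(
        $rows,
        JSON_HEX_TAG | JSON_HEX_AMP | JSON_HEX_APOS | JSON_HEX_QUOT | JSON_INVALID_UTF8_SUBSTITUTE
    );
    return "<script>var uaStats = {$json};</script>\n";
}

// Constructed sample hits (not real logs), including two hostile UA strings.
$db = openStatsDb();
foreach ([
    'Mozilla/5.0 (Windows NT 6.1; WOW64) Firefox/3.5',
    'Mozilla/5.0 (Windows NT 6.1; WOW64) Firefox/3.5',
    'curl/7.19.7 (x86_64-pc-linux-gnu)',
    '<script>alert(document.cookie)</script>',
    "Mozilla/4.0'); DROP TABLE hits; --",
] as $ua) {
    recordHit($db, $ua);
}
$rows = userAgentCounts($db);
echo renderHtml($rows), renderScript($rows);
```

Run it and the two hostile strings show up in the table as inert text and in the JSON as `\u003C...` escapes, while the `hits` table is still there after the insert that tried to end the statement. The point to carry over to legacy code is that there is no single "sanitise" step: the SQL layer is protected by binding, the HTML layer by htmlspecialchars, and the script layer by the JSON encoder, each at the moment the value enters that context.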
perkiset
« Reply #49 on: August 27, 2009, 10:37:02 AM »

> Webmasters frequently neglect to think of things like the referer and even the IP address as user-supplied, but they are.

Oh cripes, there you go again messing up my day. Do you know how much legacy code I now need to go through and make sure my IPDelivery stuff is not vulnerable? (Thanks, BTW - nasty tip and huge hole - TBH, never thought of delivering a payload watching my code there.)

It is now believed, that after having lived in one compound with 3 wives and never leaving the house for 5 years, Bin Laden called the U.S. Navy Seals himself.

Erika111
« Reply #50 on: August 28, 2009, 05:16:52 AM »

Hi, these are many sites where you can learn SEO, without any cost.
htpcompany.com/internet_marketing_seo_tutorial_free.html
learnseoforfree.64089.free-press-release.com
www.seobook.com
hobo-web.co.uk/seo-blog/index.php/diy-seo
tools.seobook.com/

No links in signatures please

NYDAz
« Reply #51 on: August 28, 2009, 06:05:36 AM »

I'm an educated fool, with money on my mind !

isthisthingon
« Reply #52 on: August 28, 2009, 06:19:42 AM »

I would love to change the world, but they won't give me the source code.

JoeDuggins
« Reply #53 on: August 28, 2009, 06:52:53 AM »

So, obviously my sig is backlink building. I wanted to know more about volume of PPC vs visitors. What's a fair percentage of clicks/visitors? Generating traffic is easy, but it can't be garbage. I can go to a "People with Cancer" site, and tell them all that God's wrath has fallen upon them, but none of the traffic is interested in ads, they just want my blood. I use the ad clicks/visitors rate to determine quality traffic. I don't have a good baseline for testing, so what's a solid percentage?

Read the rules buddy.

« Last Edit: August 28, 2009, 06:57:45 AM by vsloathe »

No links in signatures please

vsloathe
« Reply #54 on: August 28, 2009, 07:01:35 AM »

I nuked the link in his message Perks, but I can't seem to get at the one in his sig. I also sent him a PM explaining how self-promotion is verboten without making special arrangements.

Bompa
« Reply #55 on: August 28, 2009, 07:32:52 AM »

> So, obviously my sig is backlink building. I wanted to know more about volume of PPC vs visitors. What's a fair percentage of clicks/visitors?

It used to be 20-25% a few years ago when I was into AdSense.

Bompa

"Everything that can be counted does not necessarily count; everything that counts cannot necessarily be counted." -- Albert Einstein

perkiset
« Reply #56 on: August 28, 2009, 08:44:37 AM »

> I nuked the link in his message Perks, but I can't seem to get at the one in his sig. I also sent him a PM explaining how self-promotion is verboten without making special arrangements.

... did I miss it and you sorted it out? No link there... thanks tho.

nutballs
« Reply #57 on: August 28, 2009, 08:45:14 AM »

I nuked it.

I could eat a bowl of Alphabet Soup and shit a better argument than that.

perkiset
« Reply #58 on: August 28, 2009, 08:46:30 AM »

Gonna check perms, thanks for the heads up and double duty VS & Nuts