I am confused about the attack surface made possible by an XSS vulnerability. Suppose I have a simple web application that does not involve authentication (perhaps a “word of the day” kind of thing). If it is naively written and allows injection by crafting a malicious link, what kind of damage can the injection do?
To make things concrete, here’s a PHP script (what else) that is wide open to attack, since it will send back any nonsense added to the request URL.
<html><body> <p> <?php /* PHP_SELF is taken from the request path and echoed into the page unescaped */ echo 'Access denied:' . $_SERVER["PHP_SELF"]; ?> </p> </body></html>
How bad would it be to have this problem on my server? What can happen exactly? My script does not collect or store any data, so there is no chance of a persistent injection on my server.
If the user clicking on the malicious link trusts my domain, they could be tricked into doing or accepting things that they wouldn’t otherwise. But if my domain enjoys no special trust, is there still danger? The attacker has already had access to the user/victim to trick them into visiting me through the doctored link, so is my website really posing an additional danger?
Since the reflected code appears to originate on my domain, could the attacker gain access to my intranet? I suppose in this case no trickery is needed: the attacker can run the malicious requests directly on my server, right?
I must be missing something here, please help me understand what that is.
On my Ubuntu server I have a few shares that I can access from Finder in the style:
successfully without having to type in a password. When I try to mount the server shares from the command line with:
mount_smbfs '//share;user:@server.domain/share' /Volumes/share
mount_smbfs: server rejected the connection: Authentication error
If I mount one of the shares from the Finder, all others can be mounted from the command line without this error appearing.
I searched the different Stack Exchange sites and found the following related questions and links:
- Why mac smb connect fails with login from cli but works from finder and with guest account?
- SMB connections throws authentication error after upgrading Mac OS X to 10.13
- Mac OS Sierra connected to SMB share keeps forgetting permissions at the folder level
Most of these have a few thousand views and quite a few upvotes. Most interestingly, I found two comments where users express their frustration about this issue not being solved in a consistent way.
On the other hand, there are lots of downvotes for answers and some of the questions – it seems as if this problem is very well known and some enlightened users think it is very clear what to do.
Since this issue is annoying me daily I am daring to ask the question again with the specific context of Ubuntu 16.04 LTS and Mac OS High Sierra 10.13.6.
I fear that answers of the past do not work in this context any more.
The reason I am asking the question in the first place is that the SMB connections get “lost” overnight. This is a different behavior than on my other systems. The CIFS connections between my Ubuntu machines stay stable over time, while Mac OS seems to have some disconnection policy.
So my issue could either be solved by making the connection stable or by re-establishing the connection automatically with a script.
How can a permanent SMB connection, or one that is automatically reconnected by a script, between a Mac OS High Sierra 10.3.6 client and an Ubuntu/Linux SMB server be achieved?
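As an added example (not code from the original question or from any of the linked answers), here is a POSIX shell script for the second option, re-establishing the mount from a script: it inspects the output of `mount` for an smbfs entry at the mount point and calls `mount_smbfs` only when the share has dropped. The server name, share name, user name and mount point are placeholders, and the script deliberately keeps the password out of the URL (it would be visible in `ps` output and shell history), so authentication is left to whatever `mount_smbfs` does on its own; the script automates the retry but does not by itself cure the "Authentication error" described above.

```shell
#!/bin/sh
# Added example, not from the original question. Re-mounts an SMB share on a
# macOS client when it has disappeared. All server/share/user values below are
# placeholders; adjust them before use.

SMB_SERVER="server.domain"          # placeholder host name
SMB_SHARE="share"                   # placeholder share name
SMB_USER="user"                     # placeholder user name
MOUNTPOINT="/Volumes/$SMB_SHARE"    # where the share should appear

# smb_url USER SERVER SHARE -> //USER@SERVER/SHARE
# No password in the URL: it would show up in `ps` output and shell history.
smb_url() {
    printf '//%s@%s/%s' "$1" "$2" "$3"
}

# share_is_mounted MOUNT_OUTPUT MOUNTPOINT
# Succeeds when the text printed by `mount` lists an smbfs file system at
# MOUNTPOINT. The text is passed in rather than read from `mount` directly so
# the check can be exercised without a server.
share_is_mounted() {
    printf '%s\n' "$1" | grep -q " on $2 (smbfs"
}

# remount_share: make sure the mount point exists, then mount the share.
# mount_smbfs needs an existing directory; creating it under /Volumes may
# require administrator rights on some macOS versions.
remount_share() {
    [ -d "$MOUNTPOINT" ] || mkdir -p "$MOUNTPOINT"
    mount_smbfs "$(smb_url "$SMB_USER" "$SMB_SERVER" "$SMB_SHARE")" "$MOUNTPOINT"
}

# main: one check-and-reconnect cycle; run it periodically from launchd or cron.
main() {
    if share_is_mounted "$(mount)" "$MOUNTPOINT"; then
        echo "$MOUNTPOINT is mounted, nothing to do"
    else
        echo "$MOUNTPOINT is not mounted, reconnecting"
        remount_share
    fi
}

# Only act when invoked with --run, so the file can also be sourced to test
# the helper functions without touching any mounts.
if [ "${1:-}" = "--run" ]; then
    main
fi
```

Run it as `sh remount-share.sh --run`; to get the automatic reconnection the question asks for, schedule that command from a per-user launchd agent with a StartInterval of a few minutes (or from cron). Because the check is idempotent, a run that finds the share still mounted does nothing.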