Re: This code using _GET exploitable

2009/3/11 filtered <zopyxfilter@xxxxxxxxxxxxxx>

> Hi,
>
> we have script containing
>
>  <? echo $_GET['studio'] ?>
>
> and
>
>    <?
>        $cam = $_GET['cam'];
>
>        if ($cam == '1') {
>            echo '<img src="http://example.com" />';
>        }
>   ?>
>
> Is this code prone to XSS attacks or for attacking the local webserver
> and if so, how?
>
> $cam isn't used anywhere else.


$_GET['cam'] looks fine. $_GET['studio'] is not.

I could build a URL that would output a javascript tag to do anything I want
from the security context of a page on your site. This is not good.

Check out http://php.net/htmlentities and associated functions.

-Stuart

-- 
http://stut.net/
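To make the reply concrete, here is an added example (not code from the thread) that puts the unsafe `echo $_GET['studio']` next to a hardened version using `htmlspecialchars`, one of the functions associated with `htmlentities`, and keeps the `$cam` branch as posted to show why it is not affected. The function names and the sample input are constructed for this example.

```php
<?php
// Added example, not from the original post. Each piece is a function
// so it can be run from the CLI; in the real script you would call
// render_studio_safe($_GET['studio'] ?? '').

// Escape a value for use as HTML text or inside a quoted attribute.
function html_escape(string $value): string
{
    // ENT_QUOTES also encodes single quotes, so the result is safe in
    // single-quoted attributes; an explicit UTF-8 charset avoids
    // encoding-dependent surprises.
    return htmlspecialchars($value, ENT_QUOTES | ENT_HTML5, 'UTF-8');
}

// Equivalent of the original `<? echo $_GET['studio'] ?>`: whatever
// is in the parameter is written straight into the page, so markup in
// the query string is parsed by the browser (reflected XSS).
function render_studio_unsafe(string $studio): string
{
    return $studio;
}

// Hardened form: the browser displays the text instead of parsing it.
function render_studio_safe(string $studio): string
{
    return html_escape($studio);
}

// The $cam branch from the post. Only a comparison is done with the
// input; nothing from $cam reaches the output, so it is not exploitable.
function render_cam(string $cam): string
{
    if ($cam === '1') {
        return '<img src="http://example.com" />';
    }
    return '';
}

// Constructed sample input standing in for a crafted query string.
$hostile = '<script>alert(1)</script>';
echo "unsafe: " . render_studio_unsafe($hostile) . "\n";
echo "safe:   " . render_studio_safe($hostile) . "\n";
echo "cam=1:  " . render_cam('1') . "\n";
echo "cam=?:  [" . render_cam('<b>x</b>') . "]\n";
```

The "safe" line prints `&lt;script&gt;alert(1)&lt;/script&gt;`, which a browser renders as literal text, while the last line prints empty brackets because `$cam` never reaches the page.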
