Re: This code using _GET exploitable

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



filtered schreef:
> Hi,
> 
> we have script containing
> 
>  <? echo $_GET['studio'] ?>

let say I do:

example.com/yourscript.php?studio=<script type="text/javascript">alert('I am an evil haxor');</script>

excusing the fact that the query is not urlencoded, what happens on your site
(replace domain and script name to match your site/script)


> 
> and
> 
>     <?
>         $cam = $_GET['cam'];
> 
>         if ($cam == '1') {
>             echo '<img src="http://example.com"";  />';
>         }


if ($_GET['cam'] === '1')
	echo '<img src="http://example.com"; />';

no need to create the $cam var, and a little better to check for the exact value+type (===)

>    ?>
> 
> Is this code prone to XSS attacks or for attacking the local webserver
> and if so, how?
> 
> $cam isn't used anywhere else.
> 
> -a
> 


-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php


[Index of Archives]     [PHP Home]     [Apache Users]     [PHP on Windows]     [Kernel Newbies]     [PHP Install]     [PHP Classes]     [Pear]     [Postgresql]     [Postgresql PHP]     [PHP on Windows]     [PHP Database Programming]     [PHP SOAP]

  Powered by Linux