filtered wrote:
Hi, we have a script containing <? echo $_GET['studio'] ?>
http://www.yourwebsite.org/yourpage.php?studio=<script>alert('xss');</script>
and <? $cam = $_GET['cam']; if ($cam == '1') { echo '<img src="http://example.com" />'; } ?>
That I don't think is exploitable since you are not doing anything with cam directly but are only acting if it is a string matching '1'.
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
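An added example, not part of the original message: the two snippets from the thread rewritten in hardened form, with the `studio` value escaped for HTML output and the `cam` value used only to select a fixed string. The function names `h`, `render_studio` and `render_cam` are hypothetical, and a constructed array stands in for `$_GET` so the script runs from the command line.

```php
<?php
// Added example: constructed input stands in for $_GET so this runs from the CLI.

/** Escape a value for an HTML text or quoted-attribute context. */
function h(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

/** Hardened form of `echo $_GET['studio']`. */
function render_studio(array $query): string
{
    $studio = $query['studio'] ?? '';
    // ?studio[]=x makes PHP deliver an array; treat anything non-string as empty.
    if (!is_string($studio)) {
        $studio = '';
    }
    return h($studio);
}

/** The cam branch: input only selects a fixed string, it is never echoed. */
function render_cam(array $query): string
{
    $cam = $query['cam'] ?? '';
    // Strict comparison: with ==, values such as '1.0' or '01' also match '1'.
    if ($cam === '1') {
        return '<img src="http://example.com" />';
    }
    return '';
}

// Constructed sample requests.
$samples = [
    ['studio' => "<script>alert('xss');</script>", 'cam' => '1'],
    ['studio' => 'Studio "A" & B', 'cam' => '1.0'],
    ['studio' => ['nested'], 'cam' => '<script>'],
];

foreach ($samples as $query) {
    echo 'studio: ', render_studio($query), PHP_EOL;
    echo 'cam:    ', render_cam($query), PHP_EOL;
}
```

The escaping in `h` fits HTML text and quoted attribute values only; a value placed inside a script block, a URL or a style rule needs the encoding for that context instead.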