> filtered wrote:
>> Hi,
>>
>> we have a script containing
>>
>> <? echo $_GET['studio'] ?>
>
> let's say I do:
>
> example.com/yourscript.php?studio=<script type="text/javascript">alert('I am an evil haxor');</script>
>
> excusing the fact that the query is not urlencoded, what happens on your site
> (replace domain and script name to match your site/script)
>
>
>> and
>>
>> <?
>> $cam = $_GET['cam'];
>>
>> if ($cam == '1') {
>>     echo '<img src="http://example.com" />';
>> }
>
>
> if ($_GET['cam'] === '1')
>     echo '<img src="http://example.com" />';
>
> no need to create the $cam var, and a little better to check for the exact value+type (===)
>
>> ?>
>>
>> Is this code prone to XSS attacks or to attacking the local webserver,
>> and if so, how?
>>
>> $cam isn't used anywhere else.

Use htmlentities() to display $_GET['studio'] like below.

<?php echo htmlentities($_GET['studio']); ?>

Virgil
http://www.jampmark.com
Free tips, tutorials, innovative tools and techniques for building and improving web sites.

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
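The thread's two points, unescaped reflection of $_GET['studio'] and the strict === check on $_GET['cam'], worked through as an added example that is not code from any participant in the thread. The function names (render_studio_unsafe, render_studio_safe, escape_html, render_cam) and the sample query array are constructed for illustration; the script runs from the command line so the escaped and unescaped output can be compared side by side.

```php
<?php
// Added example (not from the thread): reflecting a query parameter into
// HTML body text. Attribute, URL and JavaScript contexts need their own
// encoding and are not covered by htmlentities() alone.

declare(strict_types=1);

// The pattern from the question: the parameter is echoed verbatim, so any
// markup in it becomes part of the page (reflected XSS).
function render_studio_unsafe(array $query): string
{
    return '<p>Studio: ' . ($query['studio'] ?? '') . '</p>';
}

// Hardened encoder. ENT_QUOTES escapes both " and ' (before PHP 8.1 the
// default flags left ' alone), ENT_SUBSTITUTE replaces invalid UTF-8
// sequences instead of returning an empty string, and the charset is
// stated explicitly rather than inherited from default_charset.
function escape_html(string $value): string
{
    return htmlentities($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

function render_studio_safe(array $query): string
{
    // $_GET values can also be arrays (?studio[]=x); only a plain string
    // is accepted before escaping.
    $studio = $query['studio'] ?? '';
    if (!is_string($studio)) {
        $studio = '';
    }
    return '<p>Studio: ' . escape_html($studio) . '</p>';
}

// The strict comparison from the reply: $_GET values are strings (or
// arrays), so === '1' matches exactly the string "1" and nothing else,
// and a missing parameter (null) never matches.
function render_cam(array $query): string
{
    if (($query['cam'] ?? null) === '1') {
        return '<img src="http://example.com" />';
    }
    return '';
}

// Constructed sample input mirroring the payload quoted in the thread.
$sample = [
    'studio' => '<script type="text/javascript">alert(\'I am an evil haxor\');</script>',
    'cam'    => '1',
];

echo 'unsafe: ' . render_studio_unsafe($sample) . PHP_EOL;
echo 'safe:   ' . render_studio_safe($sample) . PHP_EOL;
echo 'cam:    ' . render_cam($sample) . PHP_EOL;
```

Run it with `php example.php`: the unsafe line contains a live script element, the safe line contains only entity-encoded text the browser will display literally. The encoding is correct for HTML body content and for double-quoted attribute values; a value placed inside a script block or a URL needs the encoder appropriate to that context.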