filtered wrote:
> Hi,
>
> we have script containing
>
> <?php echo $_GET['studio']; ?>
let's say I do:
example.com/yourscript.php?studio=<script type="text/javascript">alert('I am an evil haxor');</script>
excusing the fact that the query is not urlencoded, what happens on your site
(replace domain and script name to match your site/script)
>
> and
>
> <?php
> $cam = $_GET['cam'];
>
> if ($cam == '1') {
> echo '<img src="http://example.com" />';
> }
if ($_GET['cam'] === '1')
echo '<img src="http://example.com" />';
no need to create the $cam var, and a little better to check for the exact
value+type (===)
> ?>
>
> Is this code prone to XSS attacks or for attacking the local webserver
> and if so, how?
>
> $cam isn't used anywhere else.
>
> -a
>
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
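The two fixes discussed in this thread (escape request data on output, compare the cam parameter strictly), written out as an added example that is not code from the original posts; the `h()` helper name and the render functions are my own:

```php
<?php
// Added example, not from the original thread. Shows the reflected-XSS
// fix for the two snippets discussed: escape anything that came from
// $_GET before echoing it into HTML, and compare $_GET['cam'] strictly.
declare(strict_types=1);

/**
 * Escape a request value before placing it into HTML body or attribute
 * context. ENT_QUOTES also escapes single quotes, so the result is safe
 * inside single-quoted attributes; ENT_SUBSTITUTE avoids returning an
 * empty string on invalid UTF-8 (which would silently drop output).
 */
function h(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

/** Vulnerable form from the thread: raw reflection of a query parameter. */
function renderStudioUnsafe(array $get): string
{
    return (string) ($get['studio'] ?? '');
}

/** Hardened form: the same parameter, HTML-escaped on output. */
function renderStudioSafe(array $get): string
{
    return h((string) ($get['studio'] ?? ''));
}

/** The cam check with the strict (===) comparison the reply recommends. */
function renderCam(array $get): string
{
    if (($get['cam'] ?? null) === '1') {
        return '<img src="http://example.com" />';
    }
    return '';
}

// Constructed sample input: the payload quoted in the thread.
$sample = [
    'studio' => "<script>alert('I am an evil haxor')</script>",
    'cam'    => '1',
];

// The safe variant yields &lt;script&gt;alert(&#039;...&#039;)&lt;/script&gt;,
// which the browser displays as text instead of executing.
echo "unsafe: ", renderStudioUnsafe($sample), PHP_EOL;
echo "safe:   ", renderStudioSafe($sample), PHP_EOL;
echo "cam:    ", renderCam($sample), PHP_EOL;
```

Run it as `php example.php`; the `unsafe:` line reproduces the reflected payload the reply describes, the `safe:` line shows the escaped form.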