filtered wrote:
Hi,we have script containing <? echo $_GET['studio'] ?> and <? $cam = $_GET['cam']; if ($cam == '1') { echo '<img src="http://example.com""; />'; } ?> Is this code prone to XSS attacks or for attacking the local webserver and if so, how? $cam isn't used anywhere else. -a
It certainly is XSS vulnerable through a reflective XSS attack. clean your input before displaying it. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
