filtered wrote:

we have script containing

 <? echo $_GET['studio'] ?>


        $cam = $_GET['cam'];

        if ($cam == '1') {
            echo '<img src=""";  />';

Is this code prone to XSS attacks or for attacking the local webserver
and if so, how?

$cam isn't used anywhere else.


It certainly is XSS vulnerable through a reflective XSS attack.
clean your input before displaying it.

PHP General Mailing List (
To unsubscribe, visit:

Reply via email to