On Wed, Mar 11, 2009 at 13:44, Jochem Maas <joc...@iamjochem.com> wrote:
> filtered wrote:
>> Hi,
>> we have script containing
>>  <? echo $_GET['studio'] ?>
> let's say I do:
> example.com/yourscript.php?studio=<script type="text/javascript">alert('I am an evil haxor');</script>
> excusing the fact that the query is not urlencoded, what happens on your site
> (replace domain and script name to match your site/script)

Ok, but I don't see how this code could be used to attack the local
php/web-server in order to intrude into the system or, e.g., to
install a root-kit. Right?
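
The one-liner quoted above, next to an output-encoded version, run against the query value from the quoted reply. This is an added example, not part of the thread; the function names and the wrapping `<p>` markup are assumptions made for illustration.

```php
<?php
// Added example; render_studio_unsafe / render_studio_safe are hypothetical names.

// Same behaviour as the quoted script: the parameter is copied into the
// HTML response verbatim, so any markup in it reaches the visitor's browser.
function render_studio_unsafe(array $query): string
{
    return '<p>Studio: ' . ($query['studio'] ?? '') . '</p>';
}

// Hardened form: accept only a string, then encode it for the HTML context
// so that <, >, &, " and ' are sent as character entities.
function render_studio_safe(array $query): string
{
    $studio = $query['studio'] ?? '';
    if (!is_string($studio)) {
        // ?studio[]=x arrives as an array; treat it as empty input.
        $studio = '';
    }
    $encoded = htmlspecialchars($studio, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    return '<p>Studio: ' . $encoded . '</p>';
}

if (PHP_SAPI === 'cli') {
    // Constructed input: the query value from the quoted reply, already URL-decoded.
    $query = ['studio' => "<script type=\"text/javascript\">alert('I am an evil haxor');</script>"];

    echo "unsafe: ", render_studio_unsafe($query), PHP_EOL;
    echo "safe:   ", render_studio_safe($query), PHP_EOL;

    // The encoded response contains no literal tag from the input.
    var_dump(strpos(render_studio_safe($query), '<script') === false);
}
```

In the script itself the call would be `echo render_studio_safe($_GET);` in place of the bare `echo $_GET['studio']`.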


