filtered wrote:
Hi, we have a script containing <? echo $_GET['studio'] ?>
http://www.yourwebsite.org/yourpage.php?studio=<script>alert('xss');</script>
and
<?
$cam = $_GET['cam'];
if ($cam == '1') {
echo '<img src="http://example.com" />';
}
?>
That I don't think is exploitable since you are not doing anything with cam directly but are only acting if it is a string matching '1'.
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
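
An added example (not part of the original messages): the studio echo from the thread with output encoding applied, next to the cam branch written with a strict comparison. The helper names h, render_studio and render_cam and the sample query arrays are assumptions made for the illustration.

```php
<?php
// Added example: not code from the original thread.
// The sample query arrays below are constructed; they stand in for $_GET.

// Output encoding for an HTML text node or a quoted attribute value.
function h(string $s): string
{
    return htmlspecialchars($s, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Hardened form of: echo $_GET['studio']
function render_studio(array $query): string
{
    $studio = $query['studio'] ?? '';
    // ?studio[]=x arrives as an array; treat anything but a string as empty.
    if (!is_string($studio)) {
        return '';
    }
    return h($studio);
}

// The cam branch: the request value only selects a branch, and the markup
// that is emitted is a constant, so no request data reaches the page.
function render_cam(array $query): string
{
    $cam = $query['cam'] ?? null;
    // Strict comparison: with ==, numeric strings such as '1.0' or '01'
    // also compare equal to '1'.
    if ($cam === '1') {
        return '<img src="http://example.com" />';
    }
    return '';
}

$samples = [
    ['studio' => "<script>alert('xss');</script>", 'cam' => '1'],
    ['studio' => ['nested'], 'cam' => '1.0'],
    ['studio' => 'Room "A" & B', 'cam' => '1<script>'],
];

foreach ($samples as $q) {
    echo render_studio($q), "\n", render_cam($q), "\n---\n";
}
```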

