woobarb Posted April 27, 2008 Share Posted April 27, 2008 Hi, i'm just testing and was wondering if there anything along these lines to look out for? $s = "<br><br><b>BOLD</b><script>alert('hello');</script><br><hr><?php echo 'im here'; ?>"; $s = bin2hex($s); $s = strrev(chunk_split(strrev($s), 2, "%")); print "converted: ".$s."<br><br>\n"; print "<a href='?cmd=".$s."'>link</a><br>\n"; if(isset($_GET['cmd'])) { //print "cmd: ".htmlspecialchars($_GET['cmd'])."<br><br>"; print "cmd: ".$_GET['cmd']."<br><br>\n"; } You know, if any other sort of encoding will get passed, or is it converted back to normal by the server before being passed onto php? Link to comment https://forums.phpfreaks.com/topic/103161-xss-checkin/ Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.