Thread: New PHP Script.. Test it out will ya?
11-29-2004, 03:55 PM
swedguy
Quote:
Originally posted by iBOUNCER
OK, a few security concerns.
1) Looks like you're just pulling whatever file the user asks for. See:
http://www.dxan.com/cobra/image.php?...ges/header.gif
This is bad.
2) You are not validating input, equally bad; see:
http://www.dxan.com/cobra/model.php?...g%20input&id=1
You are escaping meta characters, which is a good thing.
Let me know if you need any help closing these things up.
Otherwise, looks cool
You beat me to it
swedguy
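The two concerns raised in the quoted post (a script that serves whatever file is requested, and request input that is not validated) can be closed with checks like the following. This is an added example, not code from the thread or from the script under discussion; the function names, the allowed extensions and the temporary directory are assumptions, and the sample requests are constructed.

```php
<?php
// Added illustration; not the script discussed in the thread.
// ALLOWED_EXT, the function names and the demo directory are hypothetical.
const ALLOWED_EXT = ['gif', 'jpg', 'jpeg', 'png'];

/** Resolve a user-supplied image name inside $baseDir, or return null. */
function resolve_image(string $baseDir, string $requested): ?string
{
    $base = realpath($baseDir);
    if ($base === false || $requested === '' || strpos($requested, "\0") !== false) {
        return null;
    }
    // Only image types are ever served, never scripts or config files.
    $ext = strtolower(pathinfo($requested, PATHINFO_EXTENSION));
    if (!in_array($ext, ALLOWED_EXT, true)) {
        return null;
    }
    // realpath() collapses ../ and symlinks; it returns false if the file is missing.
    $path = realpath($base . DIRECTORY_SEPARATOR . $requested);
    if ($path === false || !is_file($path)) {
        return null;
    }
    // The resolved path must still sit under the base directory.
    if (strncmp($path, $base . DIRECTORY_SEPARATOR, strlen($base) + 1) !== 0) {
        return null;
    }
    return $path;
}

/** Accept only a positive decimal integer id; anything else is rejected. */
function validate_id($raw): ?int
{
    $id = filter_var($raw, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    return $id === false ? null : $id;
}

// Constructed demo: build a temporary image directory and try a few requests.
$dir = sys_get_temp_dir() . DIRECTORY_SEPARATOR . 'img_demo_' . getmypid();
@mkdir($dir);
file_put_contents($dir . DIRECTORY_SEPARATOR . 'header.gif', 'GIF89a');
foreach (['header.gif', '../../etc/passwd', 'image.php', 'missing.gif'] as $name) {
    printf("%-20s => %s\n", $name, resolve_image($dir, $name) ?? 'rejected');
}
foreach (['1', '12abc', '-5', 'abc'] as $raw) {
    printf("%-20s => %s\n", $raw, var_export(validate_id($raw), true));
}
```

Escaping meta characters, which the quoted post notes is already being done, still belongs at the point of output; these checks reject bad input before it is used.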