Vuln:
[code]<?php
// Query parameters are echoed without any output encoding.
$adi = $_GET["adi"];
$soyadi = $_GET["soyadi"];
echo $adi;
echo $soyadi;
?>[/code]
XSS:
[code]adi="<script>alert('Vuln')</script>
soyadi="<script>alert('Vuln')</script>[/code]
Fix:
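[code]<?php
// Encode HTML special characters before output; ENT_QUOTES also covers single quotes.
$adi = htmlspecialchars($_GET["adi"] ?? "", ENT_QUOTES, "UTF-8");
$soyadi = htmlspecialchars($_GET["soyadi"] ?? "", ENT_QUOTES, "UTF-8");
echo $adi;
echo $soyadi;
?>[/code]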
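The fix above, extended to cover parameters that are missing, arrive as arrays, or contain invalid UTF-8. This is an added example, not code from the original post; the helper name `html_param` and the sample requests are assumptions constructed for illustration.

```php
<?php
declare(strict_types=1);

/**
 * Return a query parameter as a string that is safe to echo into HTML
 * element content or a quoted attribute value.
 * Hypothetical helper, not part of the original post.
 */
function html_param(array $query, string $name): string
{
    $value = $query[$name] ?? '';
    // ?adi[]=x makes the value an array; htmlspecialchars() would fail on it.
    if (!is_string($value)) {
        return '';
    }
    // ENT_QUOTES also encodes single quotes; ENT_SUBSTITUTE replaces invalid
    // UTF-8 with U+FFFD instead of returning an empty string.
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Constructed sample requests: the payload from the post, an array
// parameter, and a missing parameter with an invalid UTF-8 byte.
$samples = [
    ['adi' => "<script>alert('Vuln')</script>", 'soyadi' => 'Yilmaz'],
    ['adi' => ['x'], 'soyadi' => "O'Neil"],
    ['soyadi' => "bad \xC3 byte"],
];

foreach ($samples as $query) {
    $adi = html_param($query, 'adi');
    $soyadi = html_param($query, 'soyadi');
    // Nothing that reaches the page may still contain markup characters.
    if (strpbrk($adi . $soyadi, '<>"\'') !== false) {
        throw new RuntimeException('unescaped markup character in output');
    }
    echo $adi, ' ', $soyadi, PHP_EOL;
}
```

In the real page, pass `$_GET` as the first argument. The encoding is correct for HTML text and quoted attribute values only, not for output placed inside a script block or a URL.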