I am making one of my simple applications. There is an option to download the generated image. For that, my PHP code is:
<?php
if (isset($_GET['img_name'])){
?>
<html>
<img src="<?php echo $_GET['img_name'];?> "></html>
<?php
}
?>
I know this is vulnerable to XSS. But this is not the problem. The question is, is it possible for an attacker to include or execute a PHP file or code via this option? I know that, for echo and img tag, PHP will not execute here.
What do you think, researchers? Am I safe?
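A hardened form of the snippet above, as an added example that is not part of the original post: `echo` only writes the value into the HTML response, so PHP would parse it only if it reached `include`, `require` or `eval`; the fix therefore targets the XSS by allowlisting the file name and escaping it for the attribute context. The `generated/` directory, the `IMAGE_DIR` constant and the `safe_image_src()` helper are assumptions made for illustration.

```php
<?php
// Added example (not the poster's code). Assumption: generated images live
// in a single web-served directory, here the hypothetical "generated/".
const IMAGE_DIR = 'generated/';

/**
 * Return a safe src value for the requested image, or null if the name
 * is not a plain image file name.
 */
function safe_image_src($name): ?string
{
    // Arrays (img_name[]=x) and other non-strings are rejected outright.
    if (!is_string($name)) {
        return null;
    }
    // Allowlist: letters, digits, "_" and "-", then one known image extension.
    // This excludes "/", "..", ":", quotes, "<" and ">" in a single check.
    if (!preg_match('/\A[A-Za-z0-9_-]{1,64}\.(png|jpe?g|gif)\z/', $name)) {
        return null;
    }
    return IMAGE_DIR . $name;
}

$src = safe_image_src($_GET['img_name'] ?? null);
if ($src === null) {
    http_response_code(400);
    exit('Invalid image name');
}
?>
<html>
<!-- Escape for the attribute context even after validation (defence in depth). -->
<img src="<?php echo htmlspecialchars($src, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8'); ?>">
</html>
```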