- Cross-Site Scripting
- Userinput reaches sensitive sink when function log_bug() is called.
- 29: echo echo $_SESSION[$filename];
- 25: $filename = $_GET['_getfile'] . '.inc.php';
- requires:
- 24: if (isset($_GET['_getfile']) && in_array($_GET['_getfile'], array('main', 'db'))) {
- 26: if (!empty($_SESSION[$filename])) {
- 1997: function log_bug($arg_arr)