Test case 1769

Type: source code
State: bad
Status: candidate
Language: PHP
Submission Date: 23 Oct 2006

Description

Basic [b]Cross-Site Scripting[/b] (XSS) in PHP.[br]
The attacker will write a JavaScript (hop.js) which reads the cookie and send it to: http://www.bad.com/getCookie.php which store it in a file.[br]

Flaws

CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Have any comments on this test case? Please, send us an email.