Thread: *Owned List.com !!!
View Single Post
12-27-2007, 10:50 AM
 #13
Bursh. is offline Bursh.
Status: Member
Join date: Nov 2006
Location: In your bath.
Expertise:
Software:
 
Posts: 121
iTrader: 0 / 0%
 

Bursh. is on a distinguished road

Send a message via AIM to Bursh. Send a message via MSN to Bursh.

  Old

Originally Posted by Wildhoney View Post
You've not filtered the inputs on your website and so I was able to easily inject Javascript in there without too much effort at all. Try adding strip_tags like so:

PHP Code:
$myVar strip_tags($_POST['myVar']); 
aw crap. I thought i'd covered that. Thanks for the heads up I've fixed it now.