<?php // This code is vulnerable when cmd == 1 and text contains a script // ?cmd=1&text=%3Cscript%3Ewindow.location%20=%20%22http://www.google.com/%22%3C/script%3E function get($c){ if ($c == 1) return $_GET['text']; else return htmlspecialchars($_GET['text']); } $cmd = (int) $_GET["cmd"]; if ($cmd == 0) echo "0"; else echo ($cmd . " " . get($cmd)); ?>
You have javascript disabled. You will not be able to edit any code.