- Oct. 5th, 2006
If you want to find lots of PHP-based web applications that are likely vulnerable to HTML injection, try this search out:
This says "Find all PHP code that calls 'print' or 'echo' to display $_GET or $_POST (likely) without escaping anything." What a great way to find places to inject stuff! This is useful for finding XSS vulnerabilities as well.
Organizing the world's information is useful — for many things
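The same pattern can be turned on your own source tree before someone else searches for it. The script below is an added example, not part of the original post and not the search query it refers to: it flags `echo`, `print` and `<?=` statements that output request data outside an escaping call. The regexes, the list of escaping functions, the extra superglobals and the sample PHP are all assumptions constructed for illustration.

```python
import re

# Superglobals the post names, plus $_REQUEST and $_COOKIE (added as an assumption).
SOURCE = re.compile(r"\$_(?:GET|POST|REQUEST|COOKIE)\b")
# Output statements: echo, print and the <?= short tag, up to ';', '?>' or end of line.
SINK = re.compile(r"(?:\b(?:echo|print)\b|<\?=)(?P<expr>[^;]*?)(?:;|\?>|$)", re.I)
# Calls treated as safe for output into an HTML body (assumed list, adjust per project).
ESCAPERS = re.compile(r"\b(?:htmlspecialchars|htmlentities|intval)\s*\(", re.I)

def strip_escaped(expr):
    """Remove the argument list of every escaping call, matching parentheses."""
    out, pos = [], 0
    for m in ESCAPERS.finditer(expr):
        if m.start() < pos:  # nested inside a span that was already removed
            continue
        out.append(expr[pos:m.start()])
        depth, i = 1, m.end()
        while i < len(expr) and depth:
            depth += {"(": 1, ")": -1}.get(expr[i], 0)
            i += 1
        pos = i
    out.append(expr[pos:])
    return "".join(out)

def scan(php_source):
    """Return (line_no, line) for each output statement that prints raw request data."""
    findings = []
    for no, line in enumerate(php_source.splitlines(), 1):
        for m in SINK.finditer(line):
            if SOURCE.search(strip_escaped(m.group("expr"))):
                findings.append((no, line.strip()))
                break
    return findings

# Constructed sample input, not taken from any real application.
SAMPLE = r'''<?php
echo "Hello " . $_GET['name'];
print $_POST["comment"];
echo htmlspecialchars($_GET['name'], ENT_QUOTES, 'UTF-8');
echo "Page " . intval($_GET['p']) . " of " . $_GET['total'];
$q = $_GET['q'];
?>
<p>Search: <?= $_GET['q'] ?></p>
<p>Search: <?= htmlspecialchars($_GET['q']) ?></p>
'''

if __name__ == "__main__":
    for no, line in scan(SAMPLE):
        print(f"line {no}: unescaped request data in output: {line}")
```

The check is line-based and does not follow variables assigned from request data (line 6 of the sample), so an empty result is a lower bound on the problem, not proof that the code is clean.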