Re: Please critique my upload script.

Posted: Sun Aug 09, 2009 1:04 pm
by josh
You need an absolute path to read the file, and it still looks like someone can cause your script to echo JS.

Re: Please critique my upload script.

Posted: Mon Aug 10, 2009 4:36 am
by social_experiment
"and it still looks like someone can cause your script to echo JS"
I tried entering <script>alert("XSS")</script> in my URL as suggested via another comment, but it doesn't alert the message. How can I improve the script to stop any JS code from being echoed?