Saturday, March 19, 2011

abusing php header redirect

header('location:confirm.php?error=true&CN='.$_REQUEST['CNumber'].'&EY='.$_REQUEST['ex
pYear'].'&EM='.$_REQUEST['expMonth'].'&CHF='.$_REQUEST['CHolderFName'].'&CHL='.$_REQUEST['CHolderLName'].'&Cvv='.$_REQUEST['CV
V2'].'&CT='.$_REQUEST['CardType'].'&Message='.$myRsMessage);

Wow. Just, wow.

No comments:

Post a Comment

Followers