على فكرة من فترة اطلعت على هذا السكربت ووجدت فيه ثغرة من نوع XSS ولا أدري إن كان نفسه هنا ...
والسبب هو عدم فلترة المتحول userid
كود PHP:
<?php
error_reporting(E_ALL ^ E_NOTICE); // Report all errors except E_NOTICE
session_start(); // Start Session
$_SESSION["userid"] = $_POST["userid"]; // Session ID to remember last typed userid
// Make sure the three lines above appear BEFORE any other coding
?>
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
<meta http-equiv="Content-Language" content="en-us">
<style>
body, .textbox, .button { font-family:Verdana, Arial, Helvetica, sans-serif; font-size:10px; }
</style>
<title>GMail Signature Generator</title>
</head>
<body>
<form name="form" method="post">
Enter email: <input name="userid" type="text" size="30" class="textbox" style="text-align:right;" value="<?php echo $_POST["userid"]; // Recall last typed userid ?>">@gmail.com <input type="submit" class="button" value="Create">
<p><img border="0" width="200" height="20" src="gmail1.php?userid=<?php if (!empty($_POST['userid'])) { echo "".$_POST['userid'].""; }else { echo "username"; } ?>"><!-- If userid is empty, replace with username --></p>
<p><img border="0" width="200" height="20" src="gmail2.php?userid=<?php if (!empty($_POST['userid'])) { echo "".$_POST['userid'].""; }else { echo "username"; } ?>"><!-- If userid is empty, replace with username --></p>
<p><img border="0" width="220" height="64" src="gmail3.php?userid=<?php if (!empty($_POST['userid'])) { echo "".$_POST['userid'].""; }else { echo "username"; } ?>"><!-- If userid is empty, replace with username --></p>
</form>
</body>
</html>