Re: [PHP] Do I need to worry about check boxes?
- Date: Thu, 26 May 2016 10:01:29 +1000
- From: Kevin Waterson <kevin.waterson@xxxxxxxxx>
- Subject: Re: [PHP] Do I need to worry about check boxes?
Consider your code
<input type="checkbox" name="vehicle" value="Bike"> I have a bike<br>
But, because I wish to break your environment and give an error that may
lead to identifying a vulnerability I make my own form and do..
<input type="text" name="vehicle" value="really really really long string"
Then things can go really wrong, really fast.
NEVER TRUST USER INPUT!
"Democracy is two wolves and a lamb voting on what to have for lunch.
Liberty is a well-armed lamb contesting the vote."