Open DanielSiepmann opened 12 years ago
We can use the HTML special chars for now.
Yeah, that needs to be fixed. I have already exploited and tried that with the previous script. I think this bot is a little better because it goes to the log file, instead of straight to a browser window like the old one.
Currently, the input of the user is not validated or cleaned. This should be fixed, to prevent them from attacking the bot or other users by inserting JavaScript or something else.
Perhaps we can use http://de.php.net/manual/en/function.htmlspecialchars.php . We should write our own method to clean up the user input.
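One way the cleanup method discussed in this thread could look, as an added example that is not part of the original issue or the project's code. The function name `cleanUserInput`, the length limit, and the assumption that the log is later rendered as HTML are all hypothetical; the mbstring extension is required.

```php
<?php
declare(strict_types=1);

/**
 * Hypothetical helper (name and limit are assumptions, not the project's code).
 * Prepares one user-supplied message for a log that is rendered as HTML.
 */
function cleanUserInput(string $input, int $maxLength = 500): string
{
    // Replace invalid UTF-8 sequences so the later steps see well-formed text.
    $clean = mb_convert_encoding($input, 'UTF-8', 'UTF-8');

    // Replace control characters (including CR/LF) with spaces so one
    // message cannot forge additional log lines.
    $clean = preg_replace('/[\x00-\x1F\x7F]/u', ' ', $clean) ?? '';

    // Bound the length before escaping so an entity is never cut in half.
    $clean = mb_substr(trim($clean), 0, $maxLength, 'UTF-8');

    // Escape &, <, >, " and ' so markup is stored as text, not interpreted.
    return htmlspecialchars($clean, ENT_QUOTES | ENT_SUBSTITUTE | ENT_HTML5, 'UTF-8');
}

// Constructed sample messages, not taken from a real log.
$samples = [
    'hello bot',
    '<script>alert(1)</script>',
    "line one\nline two",
    'Tom & "Jerry"',
];

foreach ($samples as $message) {
    echo cleanUserInput($message), PHP_EOL;
}
```

Escaping this way only fits HTML text and quoted attribute contexts; input that ends up in a URL, a script block, or a shell command needs the encoding for that context instead.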