<?
    /**
      * xss.php
      *
      * Demonstrates cross-site scripting.
      *
      * David J. Malan
      * Dan Armendariz
      * Computer Science S-75
      * Harvard Summer School
      */

      // enable sessions
      session_start();

      // set a cookie
      setcookie("secret", "12345");
?>

<!DOCTYPE html PUBLIC
     "-//W3C//DTD XHTML 1.0 Transitional//EN"
     "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml">
  <head>
    <title></title>
  </head>
  <body>
    <form action="xss2.php" method="get">
      <input name="name" type="text" />
      <input type="submit" value="Say My Name" />
    </form>
  </body>
</html>