I had a designer build a job type website using PHP and MySQL. They are out of town, and I was told the following by my hosting company today: "There is something in the [url removed, login to view] page that allows for cross-site scripting. Unfortunately we cannot debug your code to find the exact line of code that allows for this, but most likely there is some sort of search feature, or indexing feature on that page that will allow hackers to execute off-site code." I need someone who can look at the [url removed, login to view] code and let me know if there is a hole in the code to allow this cross-site scripting. I can provide the code from the index page. I would like someone with experience in finding these problems.
1) Complete and fully-functional working program(s) in executable form as well as complete source code of all work done.
2) Deliverables must be in ready-to-run condition, as follows (depending on the nature of the deliverables):
a) For web sites or other server-side deliverables intended to only ever exist in one place in the Buyer's environment--Deliverables must be installed by the Seller in ready-to-run condition in the Buyer's environment.
b) For all others including desktop software or software the buyer intends to distribute: A software installation package that will install the software in ready-to-run condition on the platform(s) specified in this bid request.
3) All deliverables will be considered "work made for hire" under U.S. Copyright law. Buyer will receive exclusive and complete copyrights to all work purchased. (No GPL, GNU, 3rd party components, etc. unless all copyright ramifications are explained AND AGREED TO by the buyer on the site per the coder's Seller Legal Agreement).
PHP and MySQL