I'm trying to track down a way to protect a bunch of servers from XSS exploits. I'm not understanding how an attacker can inject php code in to a variable with the querystring and then have that variable execute code arbitrarily. I have attached 2 files that were recently linked to in a perl script that was successfully dropped in to a /tmp folder. This script could not execute as I have set the perl binary chown root:root and chmod 700. one is the encrypted file as I found it, the other is the decrypted code. How do people make a variable execute code that downloads, saves and executes the perl script that then finishes the job? Notice the decrypted code contains ?> which is the php close tag. Notice the encrypted code starts off <?php. How does a variable say $product_id containing the value 8 followed by the contents of the encrypted code actually manage to do anything?