标签:color -- lease name wap uri .com ges sub
HTML Injection - Reflected (GET)
进入界面,
html标签注入
low级别没有保护
1 function htmli($data) 2 { 3 4 switch($_COOKIE["security_level"]) 5 { 6 7 case "0" : 8 9 $data = no_check($data); 10 break; 11 12 case "1" : 13 14 $data = xss_check_1($data); 15 break; 16 17 case "2" : 18 19 $data = xss_check_3($data); 20 break; 21 22 default : 23 24 $data = no_check($data); 25 break;; 26 27 } 28 29 return $data; 30 31 } 32 33 <label>Set your security level:</label><br /> 34 35 <select name="security_level"> 36 37 <option value="0">low</option> 38 <option value="1">medium</option> 39 <option value="2">high</option> 40 41 </select>
这是核心代码
1 <div id="main"> 2 3 <h1>HTML Injection - Reflected (GET)</h1> 4 5 <p>Enter your first and last name:</p> 6 7 <form action="<?php echo($_SERVER["SCRIPT_NAME"]);?>" method="GET"> 8 9 <p><label for="firstname">First name:</label><br /> 10 <input type="text" id="firstname" name="firstname"></p> //first name 框 11 12 <p><label for="lastname">Last name:</label><br /> //last name 框 13 <input type="text" id="lastname" name="lastname"></p> 14 15 <button type="submit" name="form" value="submit">Go</button> //按钮标签 16 17 </form> 18 19 <br /> 20 <?php 21 22 if(isset($_GET["firstname"]) && isset($_GET["lastname"])) //以GET方式获取表单传递的firstname和lastname,isset检测是否存在 23 { 24 25 $firstname = $_GET["firstname"]; //接受参数 26 $lastname = $_GET["lastname"]; 27 28 if($firstname == "" or $lastname == "") //如果其中一个为空,显示下边内容 29 { 30 31 echo "<font color=\"red\">Please enter both fields...</font>"; 32 33 } 34 35 else 36 { 37 38 echo "Welcome " . htmli($firstname) . " " . htmli($lastname); //没有任何过滤,直接展示出来 39 40 } 41 42 } 43 44 ?> 45 46 </div>
可以<script>标签加入xss
bWAPP--low--HTML Injection - Reflected (GET)
标签:color -- lease name wap uri .com ges sub
原文地址:http://www.cnblogs.com/hongren/p/7148869.html
