• bWAPP----HTML Injection


    bWAPP--low--HTML Injection - Reflected (POST)

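    The only difference is that the data is now submitted via POST.

    The three protection levels and what they do are the same as in the GET version.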

    function htmli($data)
    {
        // The filter is selected by a cookie, which the client controls.
        switch($_COOKIE["security_level"])
        {
            case "0" :  // low
                $data = no_check($data);
                break;

            case "1" :  // medium
                $data = xss_check_1($data);
                break;

            case "2" :  // high
                $data = xss_check_3($data);
                break;

            default :   // any other value is treated like low
                $data = no_check($data);
                break;
        }

        return $data;
    }

    <label>Set your security level:</label><br />

    <select name="security_level">

        <option value="0">low</option>
        <option value="1">medium</option>
        <option value="2">high</option>

    </select>

    <div id="main">

        <h1>HTML Injection - Reflected (POST)</h1>

        <p>Enter your first and last name:</p>

        <form action="<?php echo($_SERVER["SCRIPT_NAME"]);?>" method="POST">

            <p><label for="firstname">First name:</label><br />
            <input type="text" id="firstname" name="firstname"></p>

            <p><label for="lastname">Last name:</label><br />
            <input type="text" id="lastname" name="lastname"></p>

            <button type="submit" name="form" value="submit">Go</button>

        </form>

        <br />
        <?php

        if(isset($_POST["firstname"]) && isset($_POST["lastname"]))
        {

            $firstname = $_POST["firstname"];
            $lastname = $_POST["lastname"];

            if($firstname == "" or $lastname == "")
            {

                echo "<font color=\"red\">Please enter both fields...</font>";

            }

            else
            {

                // Both POST values are reflected into the page through htmli()
                echo "Welcome " . htmli($firstname) . " " .  htmli($lastname);

            }

        }

        ?>

    </div>
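In the code above, the filter applied to the reflected values depends on the `security_level` cookie, and any unrecognised value falls through to `no_check`. The following added example (not part of the original post or of bWAPP's code) shows the same form-handling flow with output encoding applied unconditionally on the server; the function names `encode_html` and `render_welcome` are hypothetical and the sample inputs are constructed.

```php
<?php
// Added example. encode_html() and render_welcome() are hypothetical names,
// not functions from bWAPP.

// Encode text for output in an HTML body or a quoted attribute value.
function encode_html(string $data): string
{
    // ENT_QUOTES encodes both ' and "; ENT_SUBSTITUTE replaces invalid
    // UTF-8 sequences instead of returning an empty string.
    return htmlspecialchars($data, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Same flow as the form handler on this page, but the encoding step does not
// depend on any request-supplied setting such as a cookie.
function render_welcome(array $post): string
{
    $first = $post['firstname'] ?? '';
    $last  = $post['lastname'] ?? '';

    // Reject missing, empty, or non-string values (for example firstname[]=x,
    // which PHP parses into an array).
    if (!is_string($first) || !is_string($last) || $first === '' || $last === '') {
        return '<span style="color:red">Please enter both fields...</span>';
    }

    return 'Welcome ' . encode_html($first) . ' ' . encode_html($last);
}

// Constructed sample inputs: markup and quotes in the name fields.
$samples = [
    ['firstname' => '<b>Alice</b>', 'lastname' => 'O\'Neil "test"'],
    ['firstname' => ['x'],          'lastname' => 'Smith'],
    ['firstname' => 'Bob',          'lastname' => ''],
];

foreach ($samples as $post) {
    // Markup characters in the input come out as entities, so the browser
    // renders them as text instead of interpreting them as HTML.
    echo render_welcome($post), PHP_EOL;
}
```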
  • Original article: https://www.cnblogs.com/hongren/p/7148901.html