Jump to content

xss checkin


woobarb

Recommended Posts

Hi, i'm just testing and was wondering if there anything along these lines to look out for?

 

$s = "<br><br><b>BOLD</b><script>alert('hello');</script><br><hr><?php echo 'im here'; ?>";

$s = bin2hex($s);
$s = strrev(chunk_split(strrev($s), 2, "%"));

print "converted: ".$s."<br><br>\n";

print "<a href='?cmd=".$s."'>link</a><br>\n";

if(isset($_GET['cmd']))
{
//print "cmd: ".htmlspecialchars($_GET['cmd'])."<br><br>";
print "cmd: ".$_GET['cmd']."<br><br>\n";
}

 

You know, if any other sort of encoding will get passed, or is it converted back to normal by the server before being passed onto php?

Link to comment
https://forums.phpfreaks.com/topic/103161-xss-checkin/
Share on other sites

Archived

This topic is now archived and is closed to further replies.

×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.