Jump to content

Recommended Posts

  • 2 weeks later...

Injection

Edit.php

 

http://www.mswiki.co.cc/edit.php

?w=String.fromCharCode(83, 116, 114, 105, 110, 103, 32, 116, 111, 32, 117, 115, 101)

 

MSWiki - Editing : [union_s

 

elect_1,2,3,4,5,6,7,8,9,10]

 

http://www.mswiki.co.cc/edit.php

?w=CONCAT_WS(CHAR(32,58,32),user(),database(),version())

 

http://www.mswiki.co.cc/edit.php

?w=CONVERT(String to use USING utf8)

 

http://www.mswiki.co.cc/edit.php

?w=CONVERT(String to use USING latin1)

 

http://www.mswiki.co.cc/edit.php

?w=CHAR(83, 116, 114, 105, 110, 103, 32, 116, 111, 32, 117, 115, 101)

 

http://www.mswiki.co.cc/edit.php

?w= CHAR(83) + CHAR(116) + CHAR(114) + CHAR(105) + CHAR(110) + CHAR(103) + CHAR(32) + CHAR(116) + CHAR(111) + CHAR(32) + CHAR(117) + CHAR(115) + CHAR(101)

 

http://www.mswiki.co.cc/edit.php

?w= alert(String.fromCharCode(88, 83, 83))

 

 

 

Link to comment
https://forums.phpfreaks.com/topic/133632-my-wiki-script/#findComment-707032
Share on other sites

Does sound a little like 'Microsoft Wiki' :/

 

Apart from that though, looks good!

 

Well not bad script I guess but I would work on your design (IMO)

 

...I like the design? Have you recently changed it or something? There is a little flaw in it mind! When the page content is low white space appears underneath... I've included a screen shot to show you.

 

Adam

 

 

 

[attachment deleted by admin]

Link to comment
https://forums.phpfreaks.com/topic/133632-my-wiki-script/#findComment-709311
Share on other sites

<?php
//**********loops all $_POST variables and cleans them automatically*************///
if(get_magic_quotes_gpc())
{
//clean XSS/SQL injection
function clean($var) {

$var=strip_tags(trim(mysqli_real_escape_string($var)));//changed $text to $var my bad
$var=htmlspecialchars($var,ENT_QUOTES);
return $var;
}

array_walk_recursive($_POST,'clean');
} 
?>

Link to comment
https://forums.phpfreaks.com/topic/133632-my-wiki-script/#findComment-711920
Share on other sites

×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.