bWAPP--low--HTML Injection - Reflected (GET)
阿新 • • 發佈:2017-07-11
div htm med server 顯示 表單 action func function
HTML Injection - Reflected (GET)
進入界面,
html標簽註入
low級別沒有保護
1 function htmli($data) 2 { 3 4 switch($_COOKIE["security_level"]) 5 { 6 7 case "0" : 8 9 $data = no_check($data); 10 break; 11 12 case"1" : 13 14 $data = xss_check_1($data); 15 break; 16 17 case "2" : 18 19 $data = xss_check_3($data); 20 break; 21 22 default : 23 24 $data= no_check($data); 25 break;; 26 27 } 28 29 return $data; 30 31 } 32 33 <label>Set your security level:</label><br /> 34 35 <select name="security_level"> 36 37 <option value="0">low</option> 38<option value="1">medium</option> 39 <option value="2">high</option> 40 41 </select>
這是核心代碼
1 <div id="main"> 2 3 <h1>HTML Injection - Reflected (GET)</h1> 4 5 <p>Enter your first and last name:</p> 6 7 <form action="<?php echo($_SERVER["SCRIPT_NAME"]);?>" method="GET"> 8 9 <p><label for="firstname">First name:</label><br /> 10 <input type="text" id="firstname" name="firstname"></p> //first name 框 11 12 <p><label for="lastname">Last name:</label><br /> //last name 框 13 <input type="text" id="lastname" name="lastname"></p> 14 15 <button type="submit" name="form" value="submit">Go</button> //按鈕標簽 16 17 </form> 18 19 <br /> 20 <?php 21 22 if(isset($_GET["firstname"]) && isset($_GET["lastname"])) //以GET方式獲取表單傳遞的firstname和lastname,isset檢測是否存在 23 { 24 25 $firstname = $_GET["firstname"]; //接受參數 26 $lastname = $_GET["lastname"]; 27 28 if($firstname == "" or $lastname == "") //如果其中一個為空,顯示下邊內容 29 { 30 31 echo "<font color=\"red\">Please enter both fields...</font>"; 32 33 } 34 35 else 36 { 37 38 echo "Welcome " . htmli($firstname) . " " . htmli($lastname); //沒有任何過濾,直接展示出來 39 40 } 41 42 } 43 44 ?> 45 46 </div>
可以<script>標簽加入xss
bWAPP--low--HTML Injection - Reflected (GET)