Cross-Site-Scripting Proof of Concept: Unterschied zwischen den Versionen
Zur Navigation springen
Zur Suche springen
| (Eine dazwischenliegende Version desselben Benutzers wird nicht angezeigt) | |||
| Zeile 27: | Zeile 27: | ||
</pre> | </pre> | ||
| − | |||
*[[xss-poc-js-reverse-shell]] | *[[xss-poc-js-reverse-shell]] | ||
*[[xss-poc-reverse-shell]] | *[[xss-poc-reverse-shell]] | ||
=Links= | =Links= | ||
| + | *https://rioasmara.com/2020/09/21/from-xss-csrf-command-injection-to-reverse-shell/ | ||
*https://www.hackingarticles.in/cross-site-scripting-exploitation/ | *https://www.hackingarticles.in/cross-site-scripting-exploitation/ | ||
Aktuelle Version vom 9. März 2023, 14:45 Uhr
Script
<?php
if(isset($_GET['submit'])){
$msg = $_GET['msg'];
}
?>
<!DOCTYPE html>
<html>
<body>
<h2>Authentifizierung</h2>
<form method="get">
<label for="fname">Input</label><br>
<input type="text" name="msg"><br>
<input type="submit" name="submit" value="klick">
</form>
<br>
<?php
echo "Hello $msg";
?>
</table>
</body>
</html>