Skip to content

Instantly share code, notes, and snippets.

@koto
Created October 15, 2013 20:52
Show Gist options
  • Save koto/6998479 to your computer and use it in GitHub Desktop.
Save koto/6998479 to your computer and use it in GitHub Desktop.
<html>
<a id=a href="http://<?php
$blacklist = ':@#"?`/\\';
for ($i = 33; $i < 255; $i++) {
if (strpos($blacklist, chr($i)) !== false) {
echo urlencode(chr($i));
} else
//echo urlencode(chr($i));
echo chr($i); //'&#' . $i . ';';
}
?>:a@localhost/temp/cred.php">test</a>
<br>
<a href="http://<h=&ello>@localhost/temp/cred.php">t</a>
<script>
console.log(location.href);
a=document.getElementById('a');
</script>
<plaintext>
<?php var_dump($_SERVER) ?>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment