koto/credtest.php

## credtest.php
<html>
<a id=a href="http://<?php

$blacklist = ':@#"?`/\\';

for ($i = 33; $i < 255; $i++) {
  if (strpos($blacklist, chr($i)) !== false) {
		echo urlencode(chr($i));
	} else
	//echo urlencode(chr($i));
		echo chr($i); //'&#' . $i . ';';
}

?>:a@localhost/temp/cred.php">test</a>
<br>
<a href="http://<h=&ello>@localhost/temp/cred.php">t</a>
<script>
console.log(location.href);
a=document.getElementById('a');
</script>
<plaintext>
<?php var_dump($_SERVER) ?>
	<html>
	<a id=a href="http://<?php

	$blacklist = ':@#"?`/\\';

	for ($i = 33; $i < 255; $i++) {
	if (strpos($blacklist, chr($i)) !== false) {
	echo urlencode(chr($i));
	} else
	//echo urlencode(chr($i));
	echo chr($i); //'&#' . $i . ';';
	}

	?>:a@localhost/temp/cred.php">test</a>
	<br>
	<a href="http://<h=&ello>@localhost/temp/cred.php">t</a>
	<script>
	console.log(location.href);
	a=document.getElementById('a');
	</script>
	<plaintext>
	<?php var_dump($_SERVER) ?>