@theMiddleBlue
Created August 21, 2020 14:15
XSS Vulnerable Web Application
<html>
<body>
<?php
// Meant as a filter, but it encodes for the wrong context: the value is later
// placed inside a JavaScript string literal in an onclick attribute.
function sanitize_username($username) {
    return strtr(
        // HTML-encodes & < > " and ' (ENT_QUOTES turns ' into &#039;) ...
        htmlentities($username, ENT_QUOTES),
        // ... then deletes every ';', including the one that terminates each
        // entity just produced (&#039; becomes &#039). Browsers still decode a
        // numeric character reference without its trailing semicolon.
        [';' => '']
    );
}
?>
<!-- Sink: the HTML parser decodes character references in the attribute value
     before the JavaScript engine ever parses the handler, so an encoded quote is
     a real quote again by the time it sits inside the '/profile/...' literal. -->
<a href="#!" onclick="javascript:myFunction('/profile/<?php echo sanitize_username($_GET["user"]) ?>')">Profile</a>
<script>
function myFunction(url) {
    // do something...
    location.href = url;
}
</script>
</body>
</html>
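Added example, not code from the gist: a JavaScript model of the two parsers that process the onclick attribute above (the HTML attribute-value decoder, then the JavaScript tokenizer), used to show why htmlentities() followed by stripping ';' does not protect a JS string literal, and what encoding for the innermost context first looks like instead. The decoder is a simplified subset of the HTML character-reference algorithm (enough for the references that occur here), readFirstArgument is a simplified tokenizer for one string literal, the username is a constructed sample, and myFunction is the gist's own function name.

```javascript
// Added example, not part of the gist. Run with: node xss_context.js
const ENTITY_MAP = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#039;' };

// htmlentities($s, ENT_QUOTES) for the characters that matter inside an attribute value.
function htmlAttributeEncode(s) {
  return s.replace(/[&<>"']/g, ch => ENTITY_MAP[ch]);
}

// Port of the gist's sanitize_username(): encode, then delete every ';' (which also
// removes the terminating ';' of every entity just produced, e.g. &#039; -> &#039).
function sanitizeUsername(username) {
  return htmlAttributeEncode(username).replace(/;/g, '');
}

// Simplified model of HTML attribute-value decoding (subset of the spec): numeric
// references decode with or without ';' (a missing ';' is only a parse error); the
// legacy names amp/lt/gt/quot also decode without ';' unless, inside an attribute,
// the next character is alphanumeric or '='; apos is only decoded with the ';'.
const LEGACY_NAMED = new Map([['amp', '&'], ['lt', '<'], ['gt', '>'], ['quot', '"']]);
function decodeAttributeValue(attr) {
  return attr.replace(/&(#[xX][0-9a-fA-F]+|#[0-9]+|[a-zA-Z]+)(;?)(?=([\s\S]?))/g,
    (whole, body, semi, next) => {
      if (body[0] === '#') {
        const hex = body[1] === 'x' || body[1] === 'X';
        let code = parseInt(body.slice(hex ? 2 : 1), hex ? 16 : 10);
        if (code > 0x10ffff) code = 0xfffd;           // out of range -> replacement char
        return String.fromCodePoint(code);
      }
      if (body === 'apos') return semi ? "'" : whole;
      if (!LEGACY_NAMED.has(body)) return whole;
      if (!semi && /[A-Za-z0-9=]/.test(next)) return whole;
      return LEGACY_NAMED.get(body);
    });
}

// Simplified JS tokenizer for the first argument of myFunction(...): reads one string
// literal as the engine would (handling \uXXXX and simple backslash escapes) and returns
// its decoded value plus the source text after the closing quote. For an intact call
// with a single string argument, rest is exactly ")".
function readFirstArgument(handlerSource) {
  const idx = handlerSource.indexOf('myFunction(');
  if (idx < 0) return { value: null, rest: handlerSource };
  const start = idx + 'myFunction('.length;
  const quote = handlerSource[start];
  if (quote !== "'" && quote !== '"') return { value: null, rest: handlerSource.slice(start) };
  let value = '';
  for (let i = start + 1; i < handlerSource.length; i++) {
    const ch = handlerSource[i];
    if (ch === '\\') {
      if (handlerSource[i + 1] === 'u') {             // \uXXXX escape
        value += String.fromCharCode(parseInt(handlerSource.substr(i + 2, 4), 16));
        i += 5;
      } else {                                         // \\ \' \" : escaped character
        value += handlerSource[i + 1];
        i += 1;
      }
    } else if (ch === quote) {
      return { value, rest: handlerSource.slice(i + 1) };
    } else {
      value += ch;
    }
  }
  return { value, rest: '' };                          // unterminated literal
}

// What the gist builds: the "sanitized" value inside a JS string inside the attribute.
// The return value is the handler source the JS engine actually parses.
function vulnerableHandler(username) {
  return decodeAttributeValue("javascript:myFunction('/profile/" + sanitizeUsername(username) + "')");
}

// JS string literal with every quote, <, >, &, backslash, control and non-ASCII character
// written as a \uXXXX escape (the same idea as PHP json_encode() with the JSON_HEX_* flags).
// Nothing the HTML parser or the JS tokenizer treats specially survives in raw form.
function jsStringLiteral(s) {
  let out = '"';
  for (let i = 0; i < s.length; i++) {
    const code = s.charCodeAt(i);
    out += (code < 0x20 || code > 0x7e || '"\'<>&\\'.includes(s[i]))
      ? '\\u' + code.toString(16).padStart(4, '0')
      : s[i];
  }
  return out + '"';
}

// Hardened: encode for the innermost context first (JS string literal), then for the
// outer one (HTML attribute). After attribute decoding the quote is still \u0027.
function hardenedHandler(username) {
  const js = 'javascript:myFunction(' + jsStringLiteral('/profile/' + username) + ')';
  return decodeAttributeValue(htmlAttributeEncode(js));
}

// Constructed sample input: a username containing a single quote.
const SAMPLE_USER = "o'neil";
console.log('vulnerable:', vulnerableHandler(SAMPLE_USER), readFirstArgument(vulnerableHandler(SAMPLE_USER)));
console.log('hardened  :', hardenedHandler(SAMPLE_USER), readFirstArgument(hardenedHandler(SAMPLE_USER)));
```

With the sample user the vulnerable handler parses as `myFunction('/profile/o'neil')`: the literal ends at the decoded quote and `neil')` is left over as further JavaScript, which is exactly the injection point, while the hardened handler keeps `/profile/o'neil` as one literal. Encoding for the JS context is the minimal fix for this template; the cleaner one is to drop the inline handler entirely, emit the value in a `data-user` attribute with htmlspecialchars() (and rawurlencode() for the path segment), and attach the click listener from script.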