2018-11-29 19:53:51 +00:00
|
|
|
<!DOCTYPE html>
|
|
|
|
|
<html>
|
|
|
|
|
<head>
|
|
|
|
|
<title>XSS 4</title>
|
|
|
|
|
</head>
|
|
|
|
|
<body>
|
|
|
|
|
<form method="GET" action="" name="form">
|
|
|
|
|
<p>Your name:<input type="text" name="username"></p>
|
2018-11-29 23:34:23 +00:00
|
|
|
<input type="submit" name="submit" value="Submit">
|
2018-11-29 19:53:51 +00:00
|
|
|
</form>
|
|
|
|
|
<?php
|
|
|
|
|
if (isset($_GET["username"])) {
|
|
|
|
|
$values = array("script", "prompt", "alert", "h1");
|
|
|
|
|
|
|
|
|
|
$user = str_replace($values, " ",$_GET["username"]);
|
|
|
|
|
echo "$user";
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
?>
|
|
|
|
|
|
|
|
|
|
</body>
|
|
|
|
|
</html>
|
