Added buffer overflow example

author: Marcin Zelent <zelent.marcin@gmail.com> 2018-05-30 18:27:51 +0200
committer: Marcin Zelent <zelent.marcin@gmail.com> 2018-05-30 18:27:51 +0200
commit: ee0bd3f7716546f679bd390d7b681fedf949b2fb (patch)
tree: a8b21d9c4707521dcf161bbdc7a20f622700c6f2 /examples/xss/index.php
parent: 7b2e079f4ef3cd3f16c6c5ca30fc3e97fd982b28 (diff)
1 files changed, 36 insertions, 0 deletions
diff --git a/examples/xss/index.php b/examples/xss/index.php
new file mode 100644
index 0000000..e645517
--- /dev/null
+++ b/examples/xss/index.php
@@ -0,0 +1,36 @@
+<?php
+	class MyDB extends SQLite3 {
+      function __construct() {
+         $this->open('comments.db');
+      }
+   }
+
+	if (isset($_POST['user'], $_POST['comment'])) {
+		$user = $_POST['user'];
+		$comment = $_POST['comment'];
+
+		$db = new MyDB();
+
+		$sql = 'INSERT INTO Comments VALUES(\'' . $user . '\',\'' . $comment . '\')';
+		$ret = $db->exec($sql);
+		$db->close();
+	}
+
+	echo '<!DOCTYPE HTML><html><head><title>Comments</title>' .
+	   	 '<meta charset="utf-8"></head><body><h1>Comments</h1>';
+
+	$db = new MyDB();
+
+	$sql = 'SELECT * FROM Comments';
+	$ret = $db->query($sql);
+	while ($row = $ret->fetchArray(SQLITE3_ASSOC))
+		echo '<p><b>' . $row['user'] . '</b> says:<br>' . $row['comment'] . '</p>';
+
+	$db->close();
+
+	echo '<h2>Add comment</h1><form action="index.php" method="post">' .
+		 '<input type="text" name="user" placeholder="User name"><br>' .
+		 '<input type="text" name="comment" placeholder="Comment"><br>' .
+		 '<input type="submit" value="Add"><br>' .
+		 '</form></body></html>';
+?>
author	Marcin Zelent <zelent.marcin@gmail.com>	2018-05-30 18:27:51 +0200
committer	Marcin Zelent <zelent.marcin@gmail.com>	2018-05-30 18:27:51 +0200
commit	ee0bd3f7716546f679bd390d7b681fedf949b2fb (patch)
tree	a8b21d9c4707521dcf161bbdc7a20f622700c6f2 /examples/xss/index.php
parent	7b2e079f4ef3cd3f16c6c5ca30fc3e97fd982b28 (diff)