From ee0bd3f7716546f679bd390d7b681fedf949b2fb Mon Sep 17 00:00:00 2001 From: Marcin Zelent Date: Wed, 30 May 2018 18:27:51 +0200 Subject: Added buffer overflow example --- examples/xss/index.php | 36 ++++++++++++++++++++++++++++++++++++ 1 file changed, 36 insertions(+) create mode 100644 examples/xss/index.php (limited to 'examples/xss/index.php') diff --git a/examples/xss/index.php b/examples/xss/index.php new file mode 100644 index 0000000..e645517 --- /dev/null +++ b/examples/xss/index.php @@ -0,0 +1,36 @@ +open('comments.db'); + } + } + + if (isset($_POST['user'], $_POST['comment'])) { + $user = $_POST['user']; + $comment = $_POST['comment']; + + $db = new MyDB(); + + $sql = 'INSERT INTO Comments VALUES(\'' . $user . '\',\'' . $comment . '\')'; + $ret = $db->exec($sql); + $db->close(); + } + + echo 'Comments' . + '

Comments

'; + + $db = new MyDB(); + + $sql = 'SELECT * FROM Comments'; + $ret = $db->query($sql); + while ($row = $ret->fetchArray(SQLITE3_ASSOC)) + echo '

' . $row['user'] . ' says:
' . $row['comment'] . '

'; + + $db->close(); + + echo '

Add comment

'; +?> -- cgit v1.2.3