<?php
// Sentinel page for an XSS scanner test-suite: the metadata below describes the
// test case and is presumably read by the included base-*.php templates
// (confirm against those files — only the assignments are visible here).
$myname = "sentinel-xss1.php";
$var_title = "XSS1";
$var_description = "Initial XSS test";
// Name of the GET parameter whose value is reflected into the page without encoding.
$var_paramname = "vulnparam";
$var_paramtype = "get";
$var_paramcontent = "unencoded (only GET url encoded)";
// Filled in below with the raw (twice URL-decoded) parameter value on non-start requests.
$var_output = "";
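/**
 * Redirect the browser back to this script with the test parameter set to a
 * benign default value, so the follow-up request renders the page via the
 * else-branch at the bottom of the file.
 *
 * Reads the global $var_paramname; never returns (sends a Location header and exits).
 */
function issueRequest() {
    global $var_paramname;
    $var_value = "Default Value";
    // $_SERVER['HTTPS'] is non-empty on most SAPIs when TLS is in use, but IIS
    // sets it to the literal string "off" for plain HTTP; a bare !empty() test
    // would build an https:// URL in that case and break the redirect.
    $isHttps = isset($_SERVER['HTTPS'])
        && $_SERVER['HTTPS'] !== ''
        && strtolower($_SERVER['HTTPS']) !== 'off';
    // NOTE(review): depending on server configuration SERVER_NAME may mirror the
    // request's Host header, so the redirect target is not purely server-controlled.
    $url = 'http' . ($isHttps ? 's' : '') . '://' . $_SERVER['SERVER_NAME'] . $_SERVER['SCRIPT_NAME'];
    // Encode both sides of the query pair so neither can break the URL structure.
    $destination = $url . '?' . urlencode($var_paramname) . '=' . urlencode($var_value);
    header('Location: ' . $destination);
    exit();
}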
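// Entry point: "?start=true" bounces through issueRequest() (which redirects back
// here with the test parameter set); any other request renders the page.
// Use isset() so a request without "start" (the common case, since the redirect
// only carries vulnparam) does not emit an undefined-index notice.
$isStart = isset($_GET['start']) ? $_GET['start'] : '';
if ($isStart === "true") {
    issueRequest();
} else {
    // Deliberately unencoded reflection: this sentinel exists so a scanner can
    // confirm that the raw parameter value reaches the page. $_GET is already
    // URL-decoded by PHP, so urldecode() here decodes a second time (a "%25xx"
    // sequence in the request URL arrives as the decoded "%xx" byte).
    // Guard against a missing parameter: urldecode(null) is deprecated on PHP 8.1+
    // and the bare index access emitted an undefined-index notice before that.
    $var_output = isset($_GET['vulnparam']) ? urldecode($_GET['vulnparam']) : '';
    /*
    Alternative variant (kept from the original): strip tags but wrap the value
    in an anchor with a javascript: href.
    $a = urldecode($_GET['vulnparam']);
    $a = strip_tags($a);
    $var_output = '<a id="ctl84_ContactsGridView_ctl11_lkbGVRow" href="javascript:__doPostBack(\'ctl84$ContactsGridView$ctl11$lkbGVRow\',\'\')">' . $a . '</a>';
    */
    include 'base-header.php';
    include 'base-content.php';
    include 'base-footer.php';
}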
?>