ANTICHAT - Показать сообщение отдельно - обход фильтраци для xss?

Цитата:

Сообщение от [Feldmarschall

"]
[Feldmarschall] said:
http://raz0r.name/vulnerabilities/sql-inekcii-svyazannye-s-multibajtovymi-kodirovkami-i-addslashes/

Ок, есть скрипт.

PHP код:


		
			
[COLOR="#000000"][COLOR="#0000BB"]mysql_connect[/COLOR][COLOR="#007700"]([/COLOR][COLOR="#DD0000"]'localhost'[/COLOR][COLOR="#007700"],[/COLOR][COLOR="#DD0000"]'root'[/COLOR][COLOR="#007700"],[/COLOR][COLOR="#DD0000"]''[/COLOR][COLOR="#007700"]);

[/COLOR][COLOR="#0000BB"]mysql_select_db[/COLOR][COLOR="#007700"]([/COLOR][COLOR="#DD0000"]'bf'[/COLOR][COLOR="#007700"]);

if(isset([/COLOR][COLOR="#0000BB"]$_GET[/COLOR][COLOR="#007700"][[/COLOR][COLOR="#DD0000"]'btnSign'[/COLOR][COLOR="#007700"]])) 

{  

  

[/COLOR][COLOR="#0000BB"]$message[/COLOR][COLOR="#007700"]=[/COLOR][COLOR="#0000BB"]trim[/COLOR][COLOR="#007700"]([/COLOR][COLOR="#0000BB"]$_GET[/COLOR][COLOR="#007700"][[/COLOR][COLOR="#DD0000"]'mtxMessage'[/COLOR][COLOR="#007700"]]); 

[/COLOR][COLOR="#0000BB"]$name[/COLOR][COLOR="#007700"]=[/COLOR][COLOR="#0000BB"]trim[/COLOR][COLOR="#007700"]([/COLOR][COLOR="#0000BB"]$_GET[/COLOR][COLOR="#007700"][[/COLOR][COLOR="#DD0000"]'txtName'[/COLOR][COLOR="#007700"]]); 

    

[/COLOR][COLOR="#FF8000"]// Sanitize message input 

[/COLOR][COLOR="#0000BB"]$message[/COLOR][COLOR="#007700"]=[/COLOR][COLOR="#0000BB"]trim[/COLOR][COLOR="#007700"]([/COLOR][COLOR="#0000BB"]strip_tags[/COLOR][COLOR="#007700"]([/COLOR][COLOR="#0000BB"]addslashes[/COLOR][COLOR="#007700"]([/COLOR][COLOR="#0000BB"]$message[/COLOR][COLOR="#007700"]))); 

[/COLOR][COLOR="#0000BB"]$message[/COLOR][COLOR="#007700"]=[/COLOR][COLOR="#0000BB"]mysql_real_escape_string[/COLOR][COLOR="#007700"]([/COLOR][COLOR="#0000BB"]$message[/COLOR][COLOR="#007700"]); 

[/COLOR][COLOR="#0000BB"]$message[/COLOR][COLOR="#007700"]=[/COLOR][COLOR="#0000BB"]htmlspecialchars[/COLOR][COLOR="#007700"]([/COLOR][COLOR="#0000BB"]$message[/COLOR][COLOR="#007700"]); 

     

[/COLOR][COLOR="#FF8000"]// Sanitize name input 

[/COLOR][COLOR="#0000BB"]$name[/COLOR][COLOR="#007700"]=[/COLOR][COLOR="#0000BB"]trim[/COLOR][COLOR="#007700"]([/COLOR][COLOR="#0000BB"]strip_tags[/COLOR][COLOR="#007700"]([/COLOR][COLOR="#0000BB"]addslashes[/COLOR][COLOR="#007700"]([/COLOR][COLOR="#0000BB"]$name[/COLOR][COLOR="#007700"]))); 

[/COLOR][COLOR="#0000BB"]$name[/COLOR][COLOR="#007700"]=[/COLOR][COLOR="#0000BB"]mysql_real_escape_string[/COLOR][COLOR="#007700"]([/COLOR][COLOR="#0000BB"]$name[/COLOR][COLOR="#007700"]); 

   

[/COLOR][COLOR="#0000BB"]$query[/COLOR][COLOR="#007700"]=[/COLOR][COLOR="#DD0000"]"INSERT INTO guestbook (comment,name) VALUES ('[/COLOR][COLOR="#0000BB"]$message[/COLOR][COLOR="#DD0000"]','[/COLOR][COLOR="#0000BB"]$name[/COLOR][COLOR="#DD0000"]');"[/COLOR][COLOR="#007700"]; 

   print[/COLOR][COLOR="#0000BB"]$query[/COLOR][COLOR="#007700"];

[/COLOR][COLOR="#0000BB"]mysql_query[/COLOR][COLOR="#007700"]([/COLOR][COLOR="#0000BB"]$query[/COLOR][COLOR="#007700"]) or die([/COLOR][COLOR="#0000BB"]mysql_error[/COLOR][COLOR="#007700"]());

    

}  

  

[/COLOR][/COLOR]

Удачи.