0
点赞
收藏
分享

微信扫一扫

03-构建xss漏洞环境

霸姨 2024-05-06 阅读 8

先完成发帖的功能

1、前端代码

<!DOCTYPE html>
<html lang="en">
<head>
    <meta charset="UTF-8">
    <meta name="viewport" content="width=device-width, initial-scale=1.0">
    <script type="text/javascript" src="./jquery-3.4.1.min.js"></script>
    <title>发表文章</title>
    <style>
        #outer{
            width: 800px;
            height: 600px;
            border: solid 1px #000;
            margin: auto;
        }
        #outer div{
            margin: 20px;
        }
        #outer div input{
            width: 500px;

        }
        #outer div textarea{
            width: 500px;
            height: 300px;
        }
    </style>
    <script>
        function doAdd() {
            var headline = $("#headline").val();
            var content = $("#content").val();
            var param = "headline=" + headline + "&content=" + content;
            $.post("doadd.php", param, function(data) {
                if(data=="add-success"){
                    alert('发表文章成功');
                    location.href = 'list.php';
                }else{
                    alert('发表失败');
                }
            });
        }
    </script>
</head>
<?php session_start(); ?>
<body>
    <div id="outer">
        <div>你的当前用户名:<?php echo $_SESSION['username'] ?>,角色为:<?php echo $_SESSION['role'] ?></div>
        <div>请输入文章标题:<input type="text" id="headline"></div>
        <div>请输入文章内容:<textarea id="content"></textarea></div>
        <div style="text-align: center;"><button onclick="doAdd()">提交文章</button></div>
    </div>
</body>
</html>

2、后台代码

<?php
    include "common.php";     //引入公共函数库

    // 获取前端提交的数据和session变量
    $headline=$_POST['headline'];
    $content = $_POST['content'];
    $author=$_SESSION['username'];

    // 将文章数据插入数据库,并根据运行结果输出成功与否的标志
    $conn = create_connection_oop();
    $sql = "insert into article(author,headline,content,viewcount,createtime)
            values('$author','$headline','$content',1,now())";
    $conn->query($sql) or die('add-fali');

    echo "add-success";

?>

3、发帖试探

<img src="./image/dateme.gif" onclick="location.href=\'http://www.woniunote\'">

<script>
var result=1;
while (true){
    result--;
}
</script>
举报

相关推荐

xss 漏洞

03-常用API

XSS漏洞攻击

WEB漏洞——XSS

【Docker】03-安装redis

如何挖掘xss漏洞

0 条评论