XXS ....

未分类

在此输入正文

reflected_xss.php demo

<!DOCTYPE html>
<html>
    <head>
        <title><?php echo $_GET[''];?></title>
    </head>
    <body>
        <center>
            <h1>
                <?php
                    $title = htmlspecialchars($_GET['title']);
                    echo $title;
                ?>              
            </h1>
            <p>
                content ......
            </p>            
        </center>
    </body>
</html>

form_xss.php demo

<html> 
<head> 
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" /> 
<title>XSS原理重现</title> 
</head> 
<body> 
<form action="" method="get"> 
<input type="text" name="xss_input"> 
<input type="submit"> 
</form> 
<hr> 
<?php 
$xss = $_GET['xss_input'];  
echo '你输入的字符为<br>'.$xss;  
?> 
</body> 
</html> 

文章链接：
1. 51cto XSS的原理分析与解剖：http://netsecurity.51cto.com/art/201408/448305_all.htm

1. ichunqiu XSS漏洞......： http://mp.weixin.qq.com/s/zbQ1gNjKOynMxqjnDBN3fQ