Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- <html>
- <head>
- <title>Injection</title>
- <style>
- * { font-family: verdana; font-size: 10pt; COLOR: gray; }
- b { font-weight: bold; }
- table { border: 1px solid gray;}
- td { text-align: center; padding: 25;}
- .form {margin: 20 20 20 20;padding:25 25 25 25;}
- </style>
- </head>
- <body>
- <br /><br /><br /><br />
- <form method="post" action="./injection-old.php">
- Name: <input type="text" size="20" maxlength="30" name="name"><br /><br />
- Age: <input type="text" size="20" maxlength="30" name="age"><br /><br />
- eMail <input type="text" size="20" maxlength="30" name="email"><br /><br />
- Comments:<input type="text" size="20" maxlength="200" name="comments"><br /><br />
- <input type="submit" value="Submit Comments">
- </form>
- <br /><br />
- <form method="post" action="./injection.php">
- <h4>View details by name</h4>
- Name: <input type="text" size="20" maxlength="100" name="namequery"><br /><br />
- <br /><br />
- <input type="submit" value="Submit Comments">
- </form>
- </body>
- </html>
- <?php
- $DBhost = "localhost";
- $DBuser = "scorpio_vijay";
- $DBpass = "shruthi";
- $DBName = "scorpio_test";
- $conn = mysql_connect($DBhost,$DBuser,$DBpass) or die("Unable to connect to database");
- @mysql_select_db("$DBName") or die("Unable to select database $DBName");
- $name = $_REQUEST['name'];
- $age = $_REQUEST['age'];
- $comments = $_REQUEST['comments'];
- $email = $_REQUEST['email'];
- $query = "INSERT INTO injection VALUES('','$name','$age','$email','$comments')";
- $result = mysql_query($query,$conn);
- mysql_close();
- echo $name;
- echo $age;
- echo $comments;
- ?>
- <?php
- $DBhost = "localhost";
- $DBuser = "scorpio_vijay";
- $DBpass = "shruthi";
- $DBName = "scorpio_test";
- $conn = mysql_connect($DBhost,$DBuser,$DBpass) or die("Unable to connect to database");
- @mysql_select_db("$DBName") or die("Unable to select database $DBName");
- $name = $_REQUEST['namequery'];
- $query = "SELECT * FROM injection WHERE name = '$name'";
- $result = mysql_query($query);
- $numofrows = mysql_num_rows($result);
- ?>
- <html>
- <head>
- </head>
- <body>
- <table>
- <tr>
- <th>Sno</th>
- <th>Name</th>
- <th>Age</th>
- <th>eMail</th>
- <th>Comments</th>
- </tr>
- <?php
- while($row = mysql_fetch_row($result))
- {
- echo "<tr>";
- foreach($row as $cell)
- echo "<td>$cell</td>";
- echo "</tr>\n";
- }
- mysql_free_result($result);
- ?>
- </table>
- </body>
- </html>
- <html>
- <head>
- <title>XSS</title>
- <style>
- * { font-family: verdana; font-size: 10pt; COLOR: gray; }
- b { font-weight: bold; }
- table { border: 1px solid gray;}
- td { text-align: center; padding: 25;}
- .form {margin: 20 20 20 20;padding:25 25 25 25;}
- </style>
- </head>
- <body>
- <br /><br /><br /><br />
- <form method="get" action="./xss-attack.php">
- <h4>Comments</h4><br />
- <textarea rows="10" cols="50" name="xsscomments"></textarea><br /><br />
- <input type="submit" value="Submit Comments">
- </form>
- <br /><br />
- </body>
- </html>
- <?php
- setcookie("Ramanathan","Alex Pandian",time()+3600);
- if($_REQUEST['xsscomments']){
- $xsscomments = $_REQUEST['xsscomments'];
- echo $xsscomments;
- }
- ?>
Add Comment
Please, Sign In to add comment