XSS vulnerable test pages updated

2014-08-22 06:09:35 -04:00
parent 7df09d1747
commit 45c1dc457c
2 changed files with 31 additions and 0 deletions
--- a/tests/form.php
+++ b/tests/form.php
@@ -0,0 +1,17 @@
+<?php
+setcookie("user", "JohnDoe", time() + 3600, "/");
+?>
+
+<html>
+<body>
+<form method="post" action="reflect.php">
+  Email: <input name="email" type="text" /><br>
+  Message:<br>
+  <textarea name="message" rows="15" cols="40">
+  </textarea><br>
+  Link: <input name="link", type="text" /><br>
+  <input type="submit" />
+</form>
+
+</body>
+</html>
--- a/tests/headers.php
+++ b/tests/headers.php
@@ -0,0 +1,14 @@
+<?php
+echo 'User-Agent: ', $_SERVER['HTTP_USER_AGENT'];
+echo '<br>';
+echo 'Referer: ', $_SERVER['HTTP_REFERER'];
+echo '<br>';
+
+/* Notice that the below will return the URL escaped value and not trigger an XSS. 
+	Once I can figure out how to monkeypatch scrapy Request class so it won't URL encode
+	the URL, the script will catch this as a vuln. Until then, it's not vulnerable. */
+echo 'URL: ', $_SERVER['REQUEST_URI'];
+echo '<br>';
+echo 'Your cookie: ';
+print_r($_COOKIE);
+?>