bWAPP--low--HTML Injection - Reflected (POST)
只不过是把传递方式换成post,
防护的三个级别和内容与GET相同
1 function htmli($data) 2 { 3 4 switch($_COOKIE["security_level"]) 5 { 6 7 case "0" : 8 9 $data = no_check($data); 10 break; 11 12 case "1" : 13 14 $data = xss_check_1($data); 15 break; 16 17 case "2" : 18 19 $data = xss_check_3($data); 20 break; 21 22 default : 23 24 $data = no_check($data); 25 break;; 26 27 } 28 29 return $data; 30 31 } 32 33 <label>Set your security level:</label><br /> 34 35 <select name="security_level"> 36 37 <option value="0">low</option> 38 <option value="1">medium</option> 39 <option value="2">high</option> 40 41 </select>
1 <div id="main"> 2 3 <h1>HTML Injection - Reflected (POST)</h1> 4 5 <p>Enter your first and last name:</p> 6 7 <form action="<?php echo($_SERVER["SCRIPT_NAME"]);?>" method="POST"> 8 9 <p><label for="firstname">First name:</label><br /> 10 <input type="text" id="firstname" name="firstname"></p> 11 12 <p><label for="lastname">Last name:</label><br /> 13 <input type="text" id="lastname" name="lastname"></p> 14 15 <button type="submit" name="form" value="submit">Go</button> 16 17 </form> 18 19 <br /> 20 <?php 21 22 if(isset($_POST["firstname"]) && isset($_POST["lastname"])) 23 { 24 25 $firstname = $_POST["firstname"]; 26 $lastname = $_POST["lastname"]; 27 28 if($firstname == "" or $lastname == "") 29 { 30 31 echo "<font color="red">Please enter both fields...</font>"; 32 33 } 34 35 else 36 { 37 38 echo "Welcome " . htmli($firstname) . " " . htmli($lastname); 39 40 } 41 42 } 43 44 ?> 45 46 </div>