Paul
/
Security-VM
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

First simple XSS vulnerable webpages are now ready

Browse Source
Paul Wagener 12 years ago
parent f0c641beb8
commit 8345da1679
4 changed files with 124 additions and 4 deletions
Show all changes Ignore whitespace when comparing lines Ignore changes in amount of whitespace Ignore changes in whitespace at EOL
Show Stats Download Patch File Download Diff File
  1. 4
      bank/message.php
  2. 61
      webshop/image_zoom escapehtml.php
  3. 61
      webshop/image_zoom.php
  4. 2
      webshop/product_detail.php

4
bank/message.php
Unescape View File

@ -31,10 +31,6 @@
<div class="container"> <div class="container">
<div class="row"> <div class="row">
<p>Welkom bij de Poespas Bank. De bank die u kunt vertrouwen.</p>
<p>Vul alleen uw gegevens in als u zeker weet dat u zich op de echte Poespas site bevind. </p>
<hr /> <hr />
<div class="alert alert-info"> <div class="alert alert-info">

61
webshop/image_zoom escapehtml.php
Unescape View File

@ -0,0 +1,61 @@
<?php
header('X-XSS-Protection: 0'); // Disable XSS protection in modern browsers to allow the exercises to work
setcookie('session', md5('123456'));
?><!DOCTYPE html>
<html lang="en">
<head>
<meta charset="utf-8">
<title>Lekkende Kranen Empirium</title>
<meta name="viewport" content="width=device-width, initial-scale=1.0">
<meta name="description" content="">
<meta name="author" content="Paul Wagener">
<link id="callCss" rel="stylesheet" href="/themes/bootshop/bootstrap.min.css" media="screen"/>
<link href="/themes/css/base.css" rel="stylesheet" media="screen"/>
<link href="/themes/css/bootstrap-responsive.min.css" rel="stylesheet"/>
<link href="/themes/css/font-awesome.css" rel="stylesheet" type="text/css">
<!-- De code in dit bestand is met opzet slecht en zeer onveilig opgezet.
GEBRUIK DEZE CODE NIET als referentiemateriaal voor je eigen PHP projecten! -->
</head>
<body>
<div id="header">
<div class="container">
<div id="welcomeLine" class="row">
</div>
<!-- Navbar ================================================== -->
<div id="logoArea" class="navbar">
<a id="smallScreen" data-target="#topMenu" data-toggle="collapse" class="btn btn-navbar">
<span class="icon-bar"></span>
<span class="icon-bar"></span>
<span class="icon-bar"></span>
</a>
<div class="navbar-inner">
<a class="brand" href="/webshop"><img src="/themes/images/logo.png" alt="Leaky's Kranen Emporium"/></a>
<form class="form-inline navbar-search" method="post" action="products.html" >
</form>
<ul id="topMenu" class="nav pull-right">
</ul>
</div>
</div>
</div>
</div>
<!-- Header End====================================================================== -->
<div id="mainBody">
<div class="container">
<div class="row">
<div class="span12">
<img src='/themes/images/products/<?php echo htmlspecialchars($_GET['image']) ?>' style="width:50%; margin: 0 auto;"/>
</div>
</div>
<!-- MainBody End ============================= -->
</body>
</html>

61
webshop/image_zoom.php
Unescape View File

@ -0,0 +1,61 @@
<?php
header('X-XSS-Protection: 0'); // Disable XSS protection in modern browsers to allow the exercises to work
setcookie('session', md5('123456'));
?><!DOCTYPE html>
<html lang="en">
<head>
<meta charset="utf-8">
<title>Lekkende Kranen Empirium</title>
<meta name="viewport" content="width=device-width, initial-scale=1.0">
<meta name="description" content="">
<meta name="author" content="Paul Wagener">
<link id="callCss" rel="stylesheet" href="/themes/bootshop/bootstrap.min.css" media="screen"/>
<link href="/themes/css/base.css" rel="stylesheet" media="screen"/>
<link href="/themes/css/bootstrap-responsive.min.css" rel="stylesheet"/>
<link href="/themes/css/font-awesome.css" rel="stylesheet" type="text/css">
<!-- De code in dit bestand is met opzet slecht en zeer onveilig opgezet.
GEBRUIK DEZE CODE NIET als referentiemateriaal voor je eigen PHP projecten! -->
</head>
<body>
<div id="header">
<div class="container">
<div id="welcomeLine" class="row">
</div>
<!-- Navbar ================================================== -->
<div id="logoArea" class="navbar">
<a id="smallScreen" data-target="#topMenu" data-toggle="collapse" class="btn btn-navbar">
<span class="icon-bar"></span>
<span class="icon-bar"></span>
<span class="icon-bar"></span>
</a>
<div class="navbar-inner">
<a class="brand" href="/webshop"><img src="/themes/images/logo.png" alt="Leaky's Kranen Emporium"/></a>
<form class="form-inline navbar-search" method="post" action="products.html" >
</form>
<ul id="topMenu" class="nav pull-right">
</ul>
</div>
</div>
</div>
</div>
<!-- Header End====================================================================== -->
<div id="mainBody">
<div class="container">
<div class="row">
<div class="span12">
<img src="/themes/images/products/<?php echo $_GET['image'] ?>" style="width:50%; margin: 0 auto;"/>
</div>
</div>
<!-- MainBody End ============================= -->
</body>
</html>

2
webshop/product_detail.php
Unescape View File

@ -72,7 +72,9 @@ $connection->close();
<div class="row"> <div class="row">
<div id="gallery" class="span3"> <div id="gallery" class="span3">
<a href="/webshop/image_zoom.php?image=<?php echo $row['afbeelding'] ?>">
<img src="/themes/images/products/<?php echo $row['afbeelding'] ?>" style="width:100%"/> <img src="/themes/images/products/<?php echo $row['afbeelding'] ?>" style="width:100%"/>
</a>
</div> </div>
<div class="span6"> <div class="span6">
<h3><?php echo $row['naam'] ?></h3> <h3><?php echo $row['naam'] ?></h3>

Write Preview
Loading…
Cancel
Save