dsjpik057730 2019-05-07 11:18
浏览 160

尝试通过get方法注入php代码的方法

So I was doing(trying) some hacking work and got interested in xss

echo $_GET['cmd'];

Lets assume the above code is my vulnurable site page.single line php code

I tried page?cmd=<script>alert('hi');</script>

which executed an alert dialogue

Now i need to process php. I know the page is already loaded and even if i pass php functions it will be in the source code but it wont execute. Is there a way to get it execute?

UPDATE:

http://localhost/evaltest.php?data=%3Cscript%3Ealert(%27Hit%27);document.write(%27%3C?php%20echo%20%22HI%22;?%3E%27);%3C/script%3E

The code i am passing is

<script>alert('Hit');document.write('<?php echo "HI"');</script>

And the "Hi" alert is coming in and the php code is also written but like when you open the source code

<html><head></head>
 <body>
  <script>
   alert('Hit');
   document.write('<?php echo "HI"');
  </script>
  <!--?php echo "HI"; ?-->

 </body>
</html>
  • 写回答

0条回答 默认 最新

    报告相同问题?

    悬赏问题

    • ¥85 maple软件,solve求反函数,出现rootof怎么办?
    • ¥15 求chat4.0解答一道线性规划题,用lingo编程运行,第一问要求写出数学模型和lingo语言编程模型,第二问第三问解答就行,我的ddl要到了谁来求了
    • ¥15 Ubuntu在安装序列比对软件STAR时出现报错如何解决
    • ¥50 树莓派安卓APK系统签名
    • ¥15 maple软件,用solve求反函数出现rootof,怎么办?
    • ¥65 汇编语言除法溢出问题
    • ¥15 Visual Studio问题
    • ¥20 求一个html代码,有偿
    • ¥100 关于使用MATLAB中copularnd函数的问题
    • ¥20 在虚拟机的pycharm上