XSS Tutorial Package

by MaXe from InterN0T.org



Intermediate - Part 5

Hint: Alert is disabled, what to do? Write?
(look in the HTML source for clues..)


Input a string you want to see:



The affected PHP source code:
$input = isset($_GET['text']) ? $_GET['text'] : NULL;
$regex = "/alert/i"; // Case-insensitive pattern that matches the word "alert".
$antihacker = preg_match($regex,$input); // Returns 1 if the pattern in $regex is found, 0 if not.

if($input!=NULL && $antihacker==FALSE) {
    // The input is echoed back without any output encoding.
    echo "The text you entered was: ". $input;
} else if($input!=NULL && $antihacker==TRUE) {
    echo "Don't try to use words like: alert!";
} else {
    echo "Input a string you want to see: <br />
<form action='?' method='GET'>
<input type='text' name='text' />
<input type='submit' value='Submit!' />
</form>
";
}
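
Added example (not part of the original tutorial): the keyword filter above next to a version that encodes the output instead. The function names render_filtered and render_encoded and the sample strings are constructed for illustration; the encoding shown covers the HTML body context this page echoes into.

```php
<?php
// Added example, not the tutorial's own code. Function names and sample
// inputs are hypothetical and constructed for this comparison.

// The tutorial's logic, wrapped in a function so its output can be inspected.
function render_filtered(?string $input): string {
    if ($input === null) {
        return "(form)";
    }
    if (preg_match('/alert/i', $input) === 1) {
        return "Don't try to use words like: alert!";
    }
    // Raw output: any markup in $input reaches the browser as markup.
    return "The text you entered was: " . $input;
}

// Hardened form: no keyword blacklist. The value is encoded for the HTML
// context it is written into, so it is always rendered as text.
function render_encoded(?string $input): string {
    if ($input === null) {
        return "(form)";
    }
    $safe = htmlspecialchars($input, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    return "The text you entered was: " . $safe;
}

// Constructed sample inputs: plain text, text containing markup characters,
// and a legitimate sentence that happens to contain the blocked word.
$samples = [
    'hello world',
    '<b>bold</b> & "quoted"',
    'Severe weather alert',
];

foreach ($samples as $s) {
    printf(
        "input:    %s\nfiltered: %s\nencoded:  %s\n\n",
        $s,
        render_filtered($s),
        render_encoded($s)
    );
}
```

The second sample passes the filter with its tags intact, while the third is rejected even though it is harmless; the encoded version handles both correctly.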