Post ./TEST_spam_code_1.html

nans



Comments

One response to “Post ./TEST_spam_code_1.html”

    wp-cli



    Target for XSS scan

    XSS and SQL injection example (the start of the listing, up to the connection check, is missing from this copy):

    URL example: ./TEST_xss_and_sqli.php?term=aaa&id=1&name=admin&amount=20

    connect_error) {
    die(“DB connection error: ” . $conn->connect_error);
    }

    // Reflects the "term" query parameter back into the response.
    // NOTE(review): the typographic quotes throughout this listing look like a
    // rendering artefact of the comment form; PHP needs straight quotes to parse it.
    // The value comes straight from the request and is not validated or encoded.
    $term = $_GET[‘term’];
    // Skipped when the parameter is missing or falsy (for example "" or "0").
    if ($term) {
    // Reflected XSS: $term is interpolated into the output unescaped. The
    // defensive form encodes it for the HTML context first, e.g.
    // htmlspecialchars($term, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8').
    // NOTE(review): any markup that surrounded this text appears to have been
    // stripped from this copy; confirm against the original file.
    echo “

    Parameter term: $term

    “;
    }

    // Looks up a wp_users row by the "id" query parameter and prints it.
    // The value is taken from the request with no type or range check.
    $number = $_GET[‘id’];
    if ($number) {
    // SQL injection: $number is placed into the statement text as-is, so the
    // database parses it as SQL rather than as a value. Cast it to int, or bind
    // it through a prepared statement with a "?" placeholder.
    // NOTE(review): presumably $conn is a mysqli connection (the connect_error
    // check above suggests so); confirm before choosing the binding API.
    $result_number = $conn->query(“SELECT * FROM wp_users WHERE id=$number”);
    if ($result_number) {
    // Prints every column of every returned row, space-separated and without
    // HTML-encoding. NOTE(review): if wp_users is the standard WordPress users
    // table, SELECT * also returns the password-hash and e-mail columns; select
    // only the columns that are meant to be shown.
    foreach($result_number as $raw){
    foreach($raw as $val){
    echo $val . ” “;
    }
    }
    } else {
    // Sends the raw database error text to the client, which discloses query
    // and schema detail. Log it server-side and return a generic message.
    echo “

    Error: ” . $conn->error . “

    “;
    }
    }

    // Looks up a wp_users row by the "name" query parameter and prints it.
    // The value is taken from the request unvalidated.
    $string = $_GET[‘name’];
    // NOTE(review): this guard tests $number (the "id" parameter), not $string,
    // so the query below runs only when "id" is also supplied. It looks like a
    // copy-paste slip from the previous section; confirm the intent.
    if ($number) {
    // SQL injection: $string is interpolated between single quotes in the
    // statement text. Quoting alone does not make the value safe; bind it as a
    // parameter of a prepared statement with a "?" placeholder.
    $result_string = $conn->query(“SELECT * FROM wp_users WHERE user_login= ‘$string’ “);
    if ($result_string) {
    // Prints every column of every returned row, space-separated and without
    // HTML-encoding, so stored values reach the page unescaped as well.
    foreach($result_string as $raw){
    foreach($raw as $val){
    echo $val . ” “;
    }
    }
    } else {
    // Sends the raw database error text to the client, which discloses query
    // and schema detail. Log it server-side and return a generic message.
    echo “

    Error: ” . $conn->error . “

    “;
    }
    }

    // Closes the database connection once both lookups have run.
    $conn->close();
    ?>


