Post ./TEST_xss_and_sqli.php



Target for XSS and SQL-injection scans (intentionally vulnerable test page — run only against an isolated lab database)

XSS and SQL injection example:

URL example: ./TEST_xss_and_sqli.php?term=aaa&id=1&name=admin&amount=20 — `term` is echoed back into the page unescaped (reflected XSS); `id` (unquoted) and `name` (single-quoted) are interpolated straight into the SQL query (SQL injection); `amount` is not read by the visible code.

connect_error) {
die(“DB connection error: ” . $conn->connect_error);
}

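// ---------------------------------------------------------------------------
// INTENTIONALLY VULNERABLE scanner fixture.
//   - `term` is echoed back with no htmlspecialchars()       -> reflected XSS
//   - `id` and `name` are interpolated directly into SQL      -> SQL injection
//   - $conn->error is echoed on query failure                 -> error-based SQLi oracle
// SELECT * dumps every column of every matching wp_users row (presumably the
// WordPress users table, i.e. password hashes included -- confirm before use).
// Keep this reachable only from an isolated lab host/database; do NOT
// "harden" the injection points below -- a scanner that reports nothing here
// is misconfigured, not safe.
// $conn is the mysqli handle opened above this block (its connect_error is
// checked just before).
// ---------------------------------------------------------------------------

// Reflected XSS target: the raw query value goes straight into the response.
// `?? ''` only suppresses PHP 8's "Undefined array key" warning when the
// parameter is absent; the truthiness check behaves as before.
$term = $_GET['term'] ?? '';
if ($term) {
    echo "

Parameter term: $term

";
}

// Numeric SQLi target: $number is interpolated unquoted, so
// `id=1 OR 1=1` / `id=1 UNION SELECT ...` is parsed as SQL.
$number = $_GET['id'] ?? '';
if ($number) {
    $result_number = $conn->query("SELECT * FROM wp_users WHERE id=$number");
    if ($result_number) {
        // Every column of every row, space-separated, unescaped (stored XSS path too).
        foreach ($result_number as $row) {
            foreach ($row as $val) {
                echo $val . " ";
            }
        }
    } else {
        // Verbose driver error on purpose: gives error-based injection something to key on.
        echo "

Error: " . $conn->error . "

";
    }
}

// String SQLi target: $string sits inside single quotes, so
// `name=admin' OR '1'='1` breaks out of the literal.
// Gated on $string itself: the original tested $number here (copy-paste slip),
// so `?name=...` without `id=` never reached this query.
$string = $_GET['name'] ?? '';
if ($string) {
    $result_string = $conn->query("SELECT * FROM wp_users WHERE user_login= '$string' ");
    if ($result_string) {
        foreach ($result_string as $row) {
            foreach ($row as $val) {
                echo $val . " ";
            }
        }
    } else {
        echo "

Error: " . $conn->error . "

";
    }
}

$conn->close();
?>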