add xss and redirect php code and t file

c0ntr01 · Nov 14, 2014 · c8595f9 · c8595f9
1 parent 0d2759d
commit c8595f9
Show file tree

Hide file tree

Showing 4 changed files with 16 additions and 0 deletions.
diff --git a/t/redirect-1.t b/t/redirect-1.t
@@ -0,0 +1,7 @@
+GET /redirect.php?page=http://www.baidu.com HTTP/1.1
+Connection: keep-alive
+Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8
+Accept-Encoding: gzip,deflate,sdch
+Accept-Language: zh-CN,zh;q=0.8,en;q=0.6
+Host: example.com
+User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:12.0) Gecko/20100101 Firefox/12.0
diff --git a/t/xss-1.t b/t/xss-1.t
@@ -0,0 +1,7 @@
+GET /xss.php?name=%3Cscript%3Ealert%281%29;%3C/script%3E HTTP/1.1
+Connection: keep-alive
+Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8
+Accept-Encoding: gzip,deflate,sdch
+Accept-Language: zh-CN,zh;q=0.8,en;q=0.6
+Host: example.com
+User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:12.0) Gecko/20100101 Firefox/12.0
diff --git a/vulCode/redirect.php b/vulCode/redirect.php
@@ -0,0 +1 @@
+<?php header("Location: ".$_GET['page']); ?>
diff --git a/vulCode/xss/xss.php b/vulCode/xss/xss.php
@@ -0,0 +1 @@
+<?php echo $_GET["name"]; ?>