Last Updated: February 25, 2016
·
897
· immortal-

Vunrable code!

<?php 
//This is where the vulnerable is.
$data = $_GET['user'];

// where it displays the vulnerable.
echo $data;
?>
<!DOCTYPE html>
<head>
<title>Submit</title>
</head>

<body>
<form method = "get">
User: <input type="text" name="user" /><br />
<input type="button" value ="submit" />
</form>
</body>
</html>

3 Responses
Add your response

Vunrable?

This protip doesn't explain what's this vulnerability about. Actually the only vulnerability there is an XSS.

over 1 year ago ·

yea sorry about that still learning coderwalls interface, You can also do LFI and get phpinfo(); with that code.

over 1 year ago ·

How do you get phpinfo() with that code?

over 1 year ago ·