alert(2);
XSS using string.fromCharCode with ASCII codes
XSS eval of Hex Unicode Escape Sequences
XSS console cookie
XSS steal cookie with fetch
XSS steal cookie with simpler fetch
or
// HAS PROBLEM: XSS steal cookie with href redirection
// HAS PROBLEM: XSS steal cookie with img on-error
*/
// Insert new note
//$sql_query = "INSERT INTO notes (login_user_id,note) VALUES " .
// "((SELECT id FROM login_users WHERE username='{$username}'),('{$new_note}'));";
// Insert new note using a prepared statement to prevent SQL injection.
$sql_query = "INSERT INTO notes (login_user_id, note) ".
"VALUES ((SELECT id FROM login_users WHERE username = ?), ?)";
$stmt = $conn->prepare($sql_query);
if ($stmt === false) {
// Fail closed (do not leak DB details).
$conn->close();
die("Prepare failed.");
}
$stmt->bind_param("ss", $username, $new_note);
//echo $sql_query;
$result = $stmt->execute();
$stmt->close();
$conn->close();
// After processing, redirect to the same page to clear the form
unset($_POST['new_note']);
header("Location: " . $_SERVER['PHP_SELF']);
exit();
}
// Display list of all notes/comments
$sql_query = "SELECT notes.note, login_users.username FROM notes INNER JOIN login_users ON notes.login_user_id=login_users.id;";
//echo $sql_query;
$result = $conn->query($sql_query);
echo "List of notes/comments
";
if (!empty($result) && $result->num_rows >= 1) {
while ($row = $result -> fetch_assoc()) {
// Escape output to prevent stored XSS (DB content must be treated as untrusted).
$safe_note = htmlspecialchars($row["note"], ENT_QUOTES | ENT_SUBSTITUTE, "UTF-8");
$safe_user = htmlspecialchars($row["username"], ENT_QUOTES | ENT_SUBSTITUTE, "UTF-8");
echo "";
echo "
" . $safe_note . "
";
echo "
by " . $safe_user . "
";
echo "
No entries found.
";
}
$conn -> close();
?>
Notes - Comments
Dashboard
Logout