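<html>
<head>
<link rel="stylesheet" type="text/css" href="css/default.css">
</head>
<body>
<h2 id="title">XSS Vulnerable Cookie</h2>
<?php
// Demo page: reflects the "test-cookie" cookie value into the HTML body without
// escaping. That reflection is the one deliberate weakness this page exists to
// show; the rest of the script is kept clean so the demo isolates exactly it.
// No declare(strict_types=1) here: it must be the first statement of the file,
// and this file starts with HTML output.
//include "include/headers.php";

// HttpOnly only blocks script access to the cookie inside the browser; it does
// nothing about the server echoing the cookie's contents back into the page,
// so it is not a defence against the sink below. Kept as a knob for the demo.
$httponly = false;

// A token whose name says it must be unguessable needs a CSPRNG source:
// uniqid() is derived from the clock and is predictable, random_bytes() is not.
// setcookie()'s expires/path/domain/secure parameters are int/string/bool and
// not nullable; passing null to them is deprecated since PHP 8.1, so the
// defaults are spelled out explicitly instead.
setcookie(
    'xsrf_token',
    bin2hex(random_bytes(16)),
    0,          // expires: 0 = session cookie
    '/',
    '',         // domain: current host only
    false,      // secure: the demo may be served over plain HTTP
    $httponly
);

echo "<p>Vulnerable cookie is “test-cookie”.</p>\n";

// The deliberate sink. The cookie value comes from the client and is untrusted;
// writing it into the response verbatim is the XSS this page demonstrates.
// The hardened form would be:
//   echo htmlspecialchars($cookie, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8') . "\n";
// Note that urldecode() runs before output, so percent-encoded markup in the
// cookie is decoded into live HTML as well.
if (isset($_COOKIE['test-cookie'])) {
    $cookie = urldecode(trim($_COOKIE['test-cookie']));
    echo "$cookie\n";
}

echo "<div style='width: 500px;'><p>“The major lesson Tiggers need to learn is that if they don't control their impulses, their impulses will control them. No matter how much they do, Tiggers are never satisfied because they don't know the feeling of accomplishment that eventually comes when one persistently applies one's will to the attaining of non-immediately-reachable goals.”</p>
<p>- Benjamin Hoff</p></div>\n";
?>
</body>
</html>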