iframeinjection.php
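<?php
include_once "includer.php";

// When any of the three iframe parameters is missing, navigate the browser back
// to this page with the default target and size.  The author replaced a
// server-side header("Location: ...") + exit with a client-side window.open();
// the rest of the page is still rendered below, so nothing here must fail.
if (!isset($_GET["ParamUrl"]) || !isset($_GET["ParamHeight"]) || !isset($_GET["ParamWidth"])) {
    $protocol = "http://";
    // HTTP_HOST is the client's Host header: attacker-controlled, never trust it
    // in an unescaped context.
    $ip = $_SERVER['HTTP_HOST'];
    // REQUEST_URI already carries a query string when only some parameters were
    // sent; keep just the path so the defaults are not appended to "?..." again.
    $uri = strtok($_SERVER['REQUEST_URI'], '?');
    $params = "?ParamUrl=todolist.txt&ParamWidth=250&ParamHeight=250";
    $link = $protocol . $ip . $uri . $params;
    // Emit the URL as a JSON string literal with <, >, ', " and & hex-escaped so
    // a crafted Host header cannot break out of the quoted JS string or the
    // <script> element.
    $jsLink = json_encode($link, JSON_HEX_TAG | JSON_HEX_APOS | JSON_HEX_QUOT | JSON_HEX_AMP);
    echo "<script>window.open(" . $jsLink . ",'_self')</script>";
}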
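/**
 * Filter a request value according to the "security_level" cookie.
 *
 * "1" -> xss_check_4(), "2" -> xss_check_3() (both defined outside this file,
 * presumably escaping helpers in includer.php — confirm there); "0", any other
 * value, or a missing cookie -> no_check(), i.e. the value comes back as-is.
 *
 * The isset() guard avoids an undefined-index notice when the cookie is absent,
 * and strict comparison means only the literal "1"/"2" select a filter
 * (the former switch compared loosely, so e.g. "01" also matched "1").
 *
 * @param mixed $data raw request value (a string is expected)
 * @return mixed the filtered value
 */
function checkInput($data)
{
    $level = isset($_COOKIE['security_level']) ? $_COOKIE['security_level'] : '0';

    if ($level === '1') {
        return xss_check_4($data);
    }
    if ($level === '2') {
        return xss_check_3($data);
    }

    // Level "0" and anything unrecognised: unfiltered pass-through.
    return no_check($data);
}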
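?>
<div class="container">
<h1>iFrame Injection</h1>
<?php
// Read the size parameters once.  A missing parameter yields '' — the same
// output the raw undefined-index read produced — but without the notice.
$height = checkInput(isset($_GET['ParamHeight']) ? $_GET['ParamHeight'] : '');
$width  = checkInput(isset($_GET['ParamWidth'])  ? $_GET['ParamWidth']  : '');

// Level "0" embeds the caller-supplied ParamUrl in the iframe src; at that
// level checkInput() delegates to no_check(), so the value presumably lands in
// the attribute unfiltered — this is the page's intended weak point.  Every
// other level (and a missing cookie) pins src to todolist.txt.
if (isset($_COOKIE["security_level"]) && $_COOKIE["security_level"] === "0") {
    $src = checkInput(isset($_GET['ParamUrl']) ? $_GET['ParamUrl'] : '');
?>
<iframe frameborder="0" src="<?php echo $src?>" height="<?php echo $height?>" width="<?php echo $width?>"></iframe>
<?php
} else {
?>
<iframe frameborder="0" src="todolist.txt" height="<?php echo $height?>" width="<?php echo $width?>"></iframe>
<?php
}
?>
</div>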
<!-- Level 0-1: http://localhost:8080/proje/iframeinjection.php?ParamUrl=index.php&ParamWidth=250&ParamHeight=250"></iframe><p>okan</p><iframe> -->