|
|
|
|
Menu |
|
|
Home |
| |
|
Discussions |
| |
|
Tools |
| |
|
Affiliates |
| |
|
Content |
| |
|
Info |
| | |
|
|
|
|
|
User Info |
|
Membership:
Latest: MichaelSnaRe
New Today: 0
New Yesterday: 0
Overall: 9144
People Online:
Visitors: 70
Members: 0
Total: 70
|
|
|
|
|
|
Full disclosure |
|
|
|
|
|
|
|
|
|
IT Security and Insecurity Portal |
|
|
PHP tag <?php get filtered to <--?php |
|
Posted: Fri Dec 07, 2012 12:56 am |
|
|
Panic_Mode |
Active user |
|
|
Joined: Feb 09, 2008 |
Posts: 39 |
|
|
|
|
|
|
|
Hi, found a vulnerable form which stores html and js in the database and displays the output in a part of the webpage. I have tried injecting php code using <?php but the output in the pages source is <--?php (like a comment).
I would like to ask which is responsible for that. Apache? Mysql? Also is there a way to bypass it? I have tried encoding the "<" with no luck.
Thanks |
|
|
|
|
|
Re: PHP tag <?php get filtered to <--?php |
|
Posted: Fri Dec 07, 2012 9:37 pm |
|
|
Cyko |
Moderator |
|
|
Joined: Jul 21, 2009 |
Posts: 375 |
|
|
|
|
|
|
|
Panic_Mode wrote: | Hi, found a vulnerable form which stores html and js in the database and displays the output in a part of the webpage. I have tried injecting php code using <?php but the output in the pages source is <--?php (like a comment).
I would like to ask which is responsible for that. Apache? Mysql? Also is there a way to bypass it? I have tried encoding the "<" with no luck.
Thanks |
You can not execute php code by simply entering it into a form, unless the site is using 'eval' or including the code you input. |
|
|
|
|
www.waraxe.us Forum Index -> Newbies corner
You cannot post new topics in this forum You cannot reply to topics in this forum You cannot edit your posts in this forum You cannot delete your posts in this forum You cannot vote in polls in this forum
|
All times are GMT
Page 1 of 1
|
|
|
Powered by phpBB © 2001-2008 phpBB Group
|
|
|
|
|
|
|