docker-vulnerable-dvwa/dvwa/vulnerabilities/csp/source/high.php

<?php
$headerCSP = "Content-Security-Policy: script-src 'self';";

header($headerCSP);

?>
<?php
if (isset ($_POST['include'])) {
$page[ 'body' ] .= "
	" . $_POST['include'] . "
";
}
$page[ 'body' ] .= '
<form name="csp" method="POST">
	<p>The page makes a call to ' . DVWA_WEB_PAGE_TO_ROOT . '/vulnerabilities/csp/source/jsonp.php to load some code. Modify that page to run your own code.</p>
	<p>1+2+3+4+5=<span id="answer"></span></p>
	<input type="button" id="solve" value="Solve the sum" />
</form>

<script src="source/high.js"></script>
';
dvwa updated 2018-10-12 15:49:58 +00:00			`<?php`
			`$headerCSP = "Content-Security-Policy: script-src 'self';";`

			`header($headerCSP);`

			`?>`
			`<?php`
			`if (isset ($_POST['include'])) {`
			`$page[ 'body' ] .= "`
			`" . $_POST['include'] . "`
			`";`
			`}`
			`$page[ 'body' ] .= '`
			`<form name="csp" method="POST">`
			`<p>The page makes a call to ' . DVWA_WEB_PAGE_TO_ROOT . '/vulnerabilities/csp/source/jsonp.php to load some code. Modify that page to run your own code.</p>`
			`<p>1+2+3+4+5=<span id="answer"></span></p>`
			`<input type="button" id="solve" value="Solve the sum" />`
			`</form>`

			`<script src="source/high.js"></script>`
			`';`