dvwa updated
This commit is contained in:
OPSXCQ
parent
8f3c3af4fb
commit
c37af6fc80
84 changed files with 1873 additions and 605 deletions
25
dvwa/vulnerabilities/csp/source/medium.php
Normal file
25
dvwa/vulnerabilities/csp/source/medium.php
Normal file
|
|
@ -0,0 +1,25 @@
|
|||
<?php
|
||||
|
||||
$headerCSP = "Content-Security-Policy: script-src 'self' 'unsafe-inline' 'nonce-TmV2ZXIgZ29pbmcgdG8gZ2l2ZSB5b3UgdXA=';";
|
||||
|
||||
header($headerCSP);
|
||||
|
||||
// Disable XSS protections so that inline alert boxes will work
|
||||
header ("X-XSS-Protection: 0");
|
||||
|
||||
# <script nonce="TmV2ZXIgZ29pbmcgdG8gZ2l2ZSB5b3UgdXA=">alert(1)</script>
|
||||
|
||||
?>
|
||||
<?php
|
||||
if (isset ($_POST['include'])) {
|
||||
$page[ 'body' ] .= "
|
||||
" . $_POST['include'] . "
|
||||
";
|
||||
}
|
||||
$page[ 'body' ] .= '
|
||||
<form name="csp" method="POST">
|
||||
<p>Whatever you enter here gets dropped directly into the page, see if you can get an alert box to pop up.</p>
|
||||
<input size="50" type="text" name="include" value="" id="include" />
|
||||
<input type="submit" value="Include" />
|
||||
</form>
|
||||
';
|
||||
Loading…
Add table
Add a link
Reference in a new issue