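<?php
declare(strict_types=1);
/*
################################################
DATE: 15/1/2016
CREATED BY: COSME-FULANITOS AND KADARYAN
BASIC TARINGA-STYLE SHOUT SYSTEM
CONFIGURATION:
- "historial.txt" lives in this directory; it is created on the first shout
  if missing, so the web server user needs write access to the directory
NOTE:
- shouts are printed as raw HTML at the bottom of the page, so every stored
  entry is reduced to one of the three shapes the page's buttons build
  (<p>, <img>, <embed>) with escaped values; anything else is discarded.
  Entries written to historial.txt before this check existed are printed
  as they are.
################################################
*/

/**
 * Reduce a submitted shout to one of the markup shapes the page's buttons
 * generate, with every user-controlled value escaped.
 *
 * Accepted shapes (quotes around attribute values are optional):
 *   <p>TEXT</p>
 *   <img src=URL width=N height=N>
 *   <embed width=N height=N src=URL>
 * URLs must validate as http(s) URLs; anything else yields null.
 *
 * @return string|null normalised markup, or null when the input is rejected
 */
function sanitizeShout(string $raw): ?string
{
    $raw = trim($raw);

    $escape = static function (string $value): string {
        // double_encode=false keeps entities a client already produced intact
        // (an entity can never open a tag, so leaving it alone is safe)
        return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8', false);
    };
    $isHttpUrl = static function (string $url): bool {
        if (filter_var($url, FILTER_VALIDATE_URL) === false) {
            return false;
        }
        $scheme = strtolower((string) parse_url($url, PHP_URL_SCHEME));
        return $scheme === 'http' || $scheme === 'https';
    };
    // a URL token stops at whitespace, a quote or the end of the tag
    $urlChars = '([^\s"\'>]+)';

    if (preg_match('/^<p>(.*)<\/p>$/su', $raw, $m) === 1) {
        return '<p>' . $escape($m[1]) . '</p>';
    }
    if (preg_match('/^<img src=(["\']?)' . $urlChars . '\1 width=(["\']?)(\d{1,4})\3 height=(["\']?)(\d{1,4})\5\s*>$/u', $raw, $m) === 1
        && $isHttpUrl($m[2])) {
        return sprintf('<img src="%s" width="%d" height="%d">', $escape($m[2]), (int) $m[4], (int) $m[6]);
    }
    if (preg_match('/^<embed width=(["\']?)(\d{1,4})\1 height=(["\']?)(\d{1,4})\3 src=(["\']?)' . $urlChars . '\5\s*>$/u', $raw, $m) === 1
        && $isHttpUrl($m[6])) {
        return sprintf('<embed width="%d" height="%d" src="%s">', (int) $m[2], (int) $m[4], $escape($m[6]));
    }
    return null;
}

$fichero = 'historial.txt';
$actual = '';

// Only a string field is considered: PHP turns "shout[]=..." into an array,
// which would otherwise be stringified as "Array".
$nuevo = null;
if (isset($_POST['shout']) && is_string($_POST['shout'])) {
    $nuevo = sanitizeShout($_POST['shout']);
}

// 'c+' creates the file when missing and does not truncate on open; the whole
// read-modify-write runs under an exclusive lock so two simultaneous posts do
// not overwrite each other's shout. A missing file with nothing to add is
// simply an empty history.
$handle = ($nuevo !== null || is_file($fichero)) ? fopen($fichero, 'c+') : false;
if ($handle !== false) {
    flock($handle, LOCK_EX);
    $leido = stream_get_contents($handle);
    $actual = $leido === false ? '' : $leido;
    if ($nuevo !== null) {
        // newest shout first, one per line
        $actual = $nuevo . "\n" . $actual;
        ftruncate($handle, 0);
        rewind($handle);
        fwrite($handle, $actual);
        fflush($handle);
    }
    flock($handle, LOCK_UN);
    fclose($handle);
}
?>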
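<!DOCTYPE html>
<html>
<head>
<!-- The encoding is declared explicitly: user-submitted text is echoed further
     down the page, and an undeclared charset leaves the browser to guess it. -->
<meta charset="utf-8">
<script>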
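function myFunction() {
    // Asks for an image URL, previews it in #demo and copies the same markup
    // into the hidden "shout" field that the form submits.
    var person = prompt("Pega el Url de La Imagen", "");
    if (person != null) {
        // The attribute is quoted and the characters that could close it are
        // percent-encoded, so the pasted value cannot inject markup into the
        // preview. Other characters are left as typed so existing URLs keep
        // working.
        var url = person.replace(/"/g, "%22").replace(/'/g, "%27").replace(/</g, "%3C").replace(/>/g, "%3E");
        var markup = '<img src="' + url + '" width="400" height="300">';
        document.getElementById("demo").innerHTML = markup;
        document.getElementById("shout").value = markup;
    }
}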
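function myFunction2() {
    // Asks for a line of text, previews it in #demo as a paragraph and copies
    // the same markup into the hidden "shout" field that the form submits.
    var person = prompt("Escribe algo...", "");
    if (person != null) {
        // The text goes into innerHTML, so it is HTML-escaped first; this keeps
        // the paragraph a paragraph whatever was typed.
        var text = person.replace(/&/g, "&amp;").replace(/</g, "&lt;").replace(/>/g, "&gt;").replace(/"/g, "&quot;");
        var markup = "<p>" + text + "</p>";
        document.getElementById("demo").innerHTML = markup;
        document.getElementById("shout").value = markup;
    }
}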
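function myFunction3() {
    // Asks for a video URL, previews it in #demo and copies the same markup
    // into the hidden "shout" field that the form submits.
    var person = prompt("Pega el Url del Video :::::");
    if (person != null) {
        // The original put "' + person + '" inside the string literal, so the
        // URL was never inserted. The attribute is now quoted and the
        // characters that could close it are percent-encoded.
        var url = person.replace(/"/g, "%22").replace(/'/g, "%27").replace(/</g, "%3C").replace(/>/g, "%3E");
        var markup = '<embed width="420" height="315" src="' + url + '">';
        document.getElementById("demo").innerHTML = markup;
        document.getElementById("shout").value = markup;
    }
}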
</script>
</head>
<body>
<title>KADARYAN</title>
<p><a href="index.php">KADARYAN</a></p>
<button onclick="myFunction2()">Escribir Texto</button>
<button onclick="myFunction()">Adjuntar Imagen</button>
<button onclick="myFunction3()">Adjuntar Video</button>
<form action="index.php" method="post">
<input id="shout" type="text" name="shout" style="display:none">
<input type="submit" value="Enviar shout">
</form>
<p id="demo"></p>
<p id="historial"><?php
// The stored shouts are emitted as raw HTML on purpose (the buttons above
// build <p>/<img>/<embed> markup), so nothing is escaped at this point:
// whatever reaches historial.txt must already be safe to render.
print $actual; ?></p>
</body>
</html>