html - html_entity_decode doesn't seem to work laravel php -


i'm trying decode html entities of javascript code. doesn't seem work, still outputs encoded html elements. %3cscript%3 needs become < script >

    array content          array         (             [0] => http://localhost:8888//index.php?email=%3cscript%3ealert%28%27biatg906op%27%29%3c%2fscript%3e%0a             [1] => http://localhost:8888//index.php?email=%3cscript%3ealert%28%22biatg906op%22%29%3c%2fscript%3e%0a             [2] => http://localhost:8888//index.php?email=%3cscript%3ealert%28%27biatg906op%27%29%3c%2fscript%3e%0a             [3] => http://localhost:8888//index.php?email=%3cscript%3ealert%28%22biatg906op%22%29%3c%2fscript%3e%0a             ...         )          $xss_array = explode("=", $value);          $xss_attack = html_entity_decode($xss_array[1]);          echo 'attack: ' . $xss_attack.php_eol;          output         attack: %3cscript%3ealert%28%27khp9s5z73u%27%29%3c%2fscript%3e%0a         attack: %3cscript%3ealert%28%22khp9s5z73u%22%29%3c%2fscript%3e%0a         attack: %3cscript%3ealert%28%27khp9s5z73u%27%29%3c%2fscript%3e%0a         attack: %3cscript%3ealert%28%22khp9s5z73u%22%29%3c%2fscript%3e%0a

this not html not decode html_entity_decode().

you can resolve using urldecode().

code:

<?php  $val= "http://localhost:8888//index.php?email=%3cscript%3ealert%28%27biatg906op%27%29%3c%2fscript%3e%0a";  $xss_array = explode("=", $val);  $xss_attack = urldecode($xss_array[1]);  echo 'attack: ' . $xss_attack.php_eol;

output:

attack: <script>alert('biatg906op')</script>

demo: click here


Comments

Post a Comment

Popular posts from this blog

python - Operations inside variables -

this question has answer here: evaluating mathematical expression in string 12 answers i want make python script finds maximum possible output using 2 operations. problem says there syntax error @ 2nd last line, in b in there. how can fix it? x = 0 = int(input("1st number:")) c = int(input("2nd number:" )) e = int(input("3rd number:" )) in range(4): if == 0: b = "+" elif == 1: b = "-" elif == 2: b = "/" else: b = "*" j in range(4): if j == 0: d = "+" elif j == 1: d = "-" elif j == 2: d = "/" else: d = "*" k = b c d e print(k) if you're after variables e on single line, couldn...
Read more

Generic Map Parameter java -

i having lot of methods of type: public static list<eduusers> getdetails(class c, map<string, integer> params) { list<eduusers> details = null; session session = hibernateutil.getsessionfactory().opensession(); transaction tx = null; try { tx = session.begintransaction(); criteria cr = session.createcriteria(c); (map.entry<string, integer> entry : params.entryset()) { cr.add(restrictions.eq(entry.getkey(), entry.getvalue())); } details = cr.list(); tx.commit(); } catch (exception asd) { log.debug(asd.getmessage()); if (tx != null) { tx.commit(); } } { session.close(); } return details; } i trying have generic method them , have written far: public static <t> list<t> getdetails(class<t> c, class<t> b) { l...
Read more

arrays - What causes a java.lang.ArrayIndexOutOfBoundsException and how do I prevent it? -

what arrayindexoutofboundsexception mean , how rid of it? here code sample triggers exception: string[] name = {"tom", "dick", "harry"}; for(int = 0; i<=name.length; i++) { system.out.print(name[i] +'\n'); } your first port of call should documentation explains reasonably clearly: thrown indicate array has been accessed illegal index. index either negative or greater or equal size of array. so example: int[] array = new int[5]; int boom = array[10]; // throws exception as how avoid it... um, don't that. careful array indexes. one problem people run thinking arrays 1-indexed, e.g. int[] array = new int[5]; // ... populate array here ... (int index = 1; index <= array.length; index++) { system.out.println(array[index]); } that miss out first element (index 0) , throw exception when index 5. valid indexes here 0-4 inclusive. correct, idiomatic for statement here be: for (int index = 0; index <...
Read more