Skip to content

Bypass 'preg_replace' XSS filter

// xss.php (Download)
 
 <?php
 
$message = $_GET[‘xss’];

$message = 
preg_replace( ‘/<script[^\>]*>|<\/script>|(onabort|onblur|onchange|onclick|ondbclick|onerror|onfocus|onkeydown|onkeypress|
onkeyup|onload|onmousedown|onmousemove|onmouseout|onmouseover|onmouseup|
onreset|onresize|onselect|onsubmit|onunload)\s*=\s*"[^"]+"/i’, ‘’, $message );
 
echo $message;
?>
 
Continue reading "Bypass 'preg_replace' XSS filter"
Imprint | Contact | Privacy Statement