darksecurity.de | Entries tagged as bypass

Skip to content

Entries tagged as bypass

Bypass 'preg_replace' XSS filter

Posted by Stefan Schurtz on Thursday, July 12. 2012

// xss.php (Download)

<?php

$message = $_GET[‘xss’];

$message =

preg_replace( ‘/<script[^\>]*>|<\/script>|(onabort|onblur|onchange|onclick|ondbclick|onerror|onfocus|onkeydown|onkeypress|

onkeyup|onload|onmousedown|onmousemove|onmouseout|onmouseover|onmouseup|

onreset|onresize|onselect|onsubmit|onunload)\s*=\s*"[^"]+"/i’, ‘’, $message );

echo $message;

?>

Continue reading "Bypass 'preg_replace' XSS filter"

Sidebar

Calendar

Werbung

Exploit-DB updates by Offensive Security

[webapps] File Manager Advanced Shortcode 2.3.2 - Unauthenticated Remote Code Execution (RCE)

Sunday, June 4. 2023

[webapps] MotoCMS Version 3.4.3 - SQL Injection

Sunday, June 4. 2023

[webapps] STARFACE 7.3.0.10 - Authentication with Password Hash Possible

Sunday, June 4. 2023

[webapps] Barebones CMS v2.0.2 - Stored Cross-Site Scripting (XSS) (Authenticated)

Sunday, June 4. 2023

[webapps] Enrollment System Project v1.0 - SQL Injection Authentication Bypass (SQLI)

Sunday, June 4. 2023

OpenBSD Journal

Game of Trees 0.89 released

Monday, June 5. 2023

New versions of LibreSSL released

Sunday, May 28. 2023

cron(8) now supports random ranges with steps

Sunday, May 7. 2023

OpenBGPD 8.0 released

Friday, May 5. 2023

rpki-client 8.4 released

Wednesday, May 3. 2023

Game of Trees 0.88 released!

Sunday, April 30. 2023

VM owners can now override the boot kernel

Sunday, April 30. 2023

vmd(8) moves to a multi-process model

Sunday, April 30. 2023

viogpu(4), a VirtIO GPU driver, added to -current

Friday, April 21. 2023

Archives

Blog Administration

Open login screen

Imprint | Contact | Privacy Statement