Bypass 'preg_replace' XSS filter
// xss.php
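<?php
// Sample under test: reflects the "xss" query parameter after passing it
// through a deny-list regex. It is kept as the weak filter this page examines
// and must not be reused as a real XSS defence.
//
// Why it is not a control: the pattern strips only literal <script> tags and an
// enumerated set of on* handlers whose value is double-quoted. Markup the
// pattern does not enumerate reaches the browser unchanged.
//
// What production code should do instead: encode for the output context, e.g.
//   echo htmlspecialchars($message, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
// and add a Content-Security-Policy as defence in depth.

// Accept only a scalar string; a missing or array-valued parameter becomes ''.
$message = (isset($_GET['xss']) && is_string($_GET['xss'])) ? $_GET['xss'] : '';

// Hand-maintained handler list, reproduced as published (including the
// misspelled "ondbclick"). Lists like this drift out of date, which is one
// reason enumerating "bad" attributes is fragile.
$handlers = 'onabort|onblur|onchange|onclick|ondbclick|onerror|onfocus|onkeydown|onkeypress|'
    . 'onkeyup|onload|onmousedown|onmousemove|onmouseout|onmouseover|onmouseup|'
    . 'onreset|onresize|onselect|onsubmit|onunload';

// Case-insensitive removal of: an opening <script ...> tag, a closing </script>
// tag, or handler="value" with a double-quoted, non-empty value.
$message = preg_replace(
    '/<script[^\>]*>|<\/script>|(' . $handlers . ')\s*=\s*"[^"]+"/i',
    '',
    $message
);

// Written into the response without output encoding; see the note at the top.
echo $message;
?>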