alert(2);
XSS using string.fromCharCode with ASCII codes
XSS eval of Hex Unicode Escape Sequences
XSS console cookie
XSS steal cookie with fetch
XSS steal cookie with simpler fetch
or
// HAS PROBLEM: XSS steal cookie with href redirection
// HAS PROBLEM: XSS steal cookie with img on-error
*/
// Insert new note
//$sql_query = "INSERT INTO notes (login_user_id,note) VALUES " .
// "((SELECT id FROM login_users WHERE username='{$username}'),('{$new_note}'));";
$sql_query = "INSERT INTO notes (login_user_id, note) ".
"VALUES ((SELECT id FROM login_users WHERE username='{$username}'), '{$new_note}')";
//echo $sql_query;
$result = $conn->query($sql_query);
$conn -> close();
// After processing, redirect to the same page to clear the form
unset($_POST['new_note']);
header("Location: " . $_SERVER['PHP_SELF']);
exit();
}
// Display list of all notes/comments
$sql_query = "SELECT notes.note, login_users.username FROM notes INNER JOIN login_users ON notes.login_user_id=login_users.id;";
//echo $sql_query;
$result = $conn->query($sql_query);
echo "
List of notes/comments
";
if (!empty($result) && $result->num_rows >= 1) {
while ($row = $result -> fetch_assoc()) {
echo "
";
echo "
" . $row["note"] . "
";
echo "
by " . $row["username"] . "
";
echo "
";
}
// Free result set
$result -> free_result();
} else {
echo "