Skip to content
GitLab
Commit 8c09e9a6 authored by Леонид Мелентьев's avatar Леонид Мелентьев
Browse files

v1.1 есть всё точно

parent ca719b04
master
No related merge requests found
Hide whitespace changes
Inline Side-by-side
Showing
with 19 additions and 19 deletions
+19 -19
curl2.sh
+ 1
1
View file @ 8c09e9a6
curl -v --request POST --url "http://localhost:8005/user_input.php?page=page1" --header "Content-Type: application/x-www-form-urlencoded" --header "X-Access-Token: SECRET_TOKEN" --cookie test=hello --data pagepost=1 --data pagejost=2 curl -v --request POST --url "http://localhost:8005/user_input.php?page=page1" --header "Content-Type: application/x-www-form-urlencoded" --cookie test=hello --data pagepost=1 --data pagejost=2
\ No newline at end of file \ No newline at end of file
curl3.sh
+ 1
1
View file @ 8c09e9a6
curl -v --request POST --url "http://localhost:8005/user_input.php?page=page1" --header "Content-Type: application/x-www-form-urlencoded" --header "X-Access-Token: SECRET_TOKEN" --cookie test=hello --data pagepost=1 --data pagejost=2 curl -v --request POST --url "http://localhost:8005/user_input.php?page=page1" --header "Content-Type: application/x-www-form-urlencoded" --header "X-Access-Token: TOKEN" --cookie test=hello --data pagepost=1 --data pagejost=2
\ No newline at end of file \ No newline at end of file
curl4.sh
+ 1
1
View file @ 8c09e9a6
curl -v --request POST --url "http://localhost:8005/user_input.php?page=page1" --header "Content-Type: application/x-www-form-urlencoded" --header "X-Access-Token: SECRET_TOKEN" --cookie test=hello --data pagepost=1 --data pagejost=2 curl -v --request GET --url "http://localhost:8005/user_input.php?page=page1" --header "Content-Type: application/x-www-form-urlencoded" --header "X-Access-Token: SECRET_TOKEN"
\ No newline at end of file \ No newline at end of file
curl5.sh
+ 1
1
View file @ 8c09e9a6
curl -v --request POST --url "http://localhost:8005/user_input.php?page=page1" --header "Content-Type: application/x-www-form-urlencoded" --header "X-Access-Token: SECRET_TOKEN" --cookie test=hello --data pagepost=1 --data pagejost=2 curl -v --request POST --url "http://localhost:8005/user_input.php" --header "Content-Type: application/x-www-form-urlencoded" --header "X-Access-Token: SECRET_TOKEN" --cookie test=hello --data pagepost=1 --data pagejost=2
\ No newline at end of file \ No newline at end of file
curl6.sh
+ 1
1
View file @ 8c09e9a6
curl -v --request POST --url "http://localhost:8005/user_input.php?page=page1" --header "Content-Type: application/x-www-form-urlencoded" --header "X-Access-Token: SECRET_TOKEN" --cookie test=hello --data pagepost=1 --data pagejost=2 curl -v --request POST --url "http://localhost:8005/user_input.php?page=<script>alert('hack!')</script>" --header "Content-Type: application/x-www-form-urlencoded" --header "X-Access-Token: SECRET_TOKEN" --cookie test=hello --data pagepost=1 --data pagejost=2
\ No newline at end of file \ No newline at end of file
curl7.sh
+ 1
1
View file @ 8c09e9a6
curl -v --request POST --url "http://localhost:8005/user_input.php?page=page1" --header "Content-Type: application/x-www-form-urlencoded" --header "X-Access-Token: SECRET_TOKEN" --cookie test=hello --data pagepost=1 --data pagejost=2 curl -v --request POST --url "http://localhost:8005/user_input.php?page=page1" --header "Content-Type: x-form" --header "X-Access-Token: SECRET_TOKEN" --cookie test=hello --data pagepost=1 --data pagejost=2
\ No newline at end of file \ No newline at end of file
curl8.sh
+ 1
1
View file @ 8c09e9a6
curl -v --request POST --url "http://localhost:8005/user_input.php?page=page1" --header "Content-Type: application/x-www-form-urlencoded" --header "X-Access-Token: SECRET_TOKEN" --cookie test=hello --data pagepost=1 --data pagejost=2 curl -v --request POST --url "http://localhost:8005/user_input.php?page=page1" --header "Content-Type: application/x-www-form-urlencoded" --header "X-Access-Token: SECRET_TOKEN"
\ No newline at end of file \ No newline at end of file
user_input.php
+ 12
12
View file @ 8c09e9a6
...@@ -16,6 +16,17 @@ if ($_SERVER['REQUEST_METHOD'] != 'POST') { ...@@ -16,6 +16,17 @@ if ($_SERVER['REQUEST_METHOD'] != 'POST') {
die(); die();
} }
if (array_key_exists('CONTENT_TYPE', $_SERVER)) {
if ($_SERVER['CONTENT_TYPE'] != 'application/x-www-form-urlencoded') {
echo 'Ошибка, неверный тип данных<br>'.PHP_EOL;
die();
}
}
else {
echo 'Ошибка, неверный тип данных<br>'.PHP_EOL;
die();
}
$page = null; $page = null;
if (array_key_exists('page', $_GET)) { if (array_key_exists('page', $_GET)) {
$page = $_GET['page']; $page = $_GET['page'];
...@@ -33,24 +44,13 @@ else { ...@@ -33,24 +44,13 @@ else {
die(); die();
} }
if (array_key_exists('CONTENT_TYPE', $_SERVER)) {
if ($_SERVER['CONTENT_TYPE'] != 'application/x-www-form-urlencoded') {
echo 'Ошибка, неверный тип данных<br>'.PHP_EOL;
die();
}
}
else {
echo 'Ошибка, неверный тип данных<br>'.PHP_EOL;
die();
}
$pwalue = null; $pwalue = null;
if (empty($_POST)) { if (empty($_POST)) {
echo 'Ошибка, данные не заданы<br>'.PHP_EOL; echo 'Ошибка, данные не заданы<br>'.PHP_EOL;
die(); die();
} }
else { else {
echo 'Через POST передано '.count($_POST).'переменных<br>'.PHP_EOL; echo 'Через POST передано '.count($_POST).' переменных<br>'.PHP_EOL;
while ($pwalue = current($_POST)) { while ($pwalue = current($_POST)) {
echo htmlentities('Значение ['.key($_POST).'] : '.$pwalue); echo htmlentities('Значение ['.key($_POST).'] : '.$pwalue);
echo '<br>'.PHP_EOL; echo '<br>'.PHP_EOL;
......
Отчёт по заданию 1.1.docx 0 → 100644
+ 0
0
View file @ 8c09e9a6
File added
Supports Markdown
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment