Pre-login XSS - practice
Attackers can steal credentials by manipulating the form action.
php
2 years ago
<?php
// check if the form was submitted
if ($_SERVER['REQUEST_METHOD'] === 'POST') {
    // get the username and password from the form
    $username = isset($_POST['username']) ? $_POST['username'] : "";
    $password = isset($_POST['password']) ? $_POST['password'] : "";

    // check if the credentials are valid
    if ($username === 'jksdyf7y3748723@#@%' && $password === 'jksdyf7y3748723@#@%') {
        // redirect to the dashboard or homepage
        header('Location: dashboard.php');
        exit;
    } else {
        // redirect back to the login page with an error message
        $error_message = 'Invalid username or password. Please try again.';
        header('Location: auth.php?error=' . urlencode($error_message));
        exit;
    }
}
?>
<!DOCTYPE html>
<html lang="en">
<head>
    <!--
    Author: Bipin Jitiya
    Website: win3zz.com
    Twitter: @win3zz
    -->
    <title>Login</title>
    <style>
        body {
            font-family: sans-serif;
            background-color: #f1f1f1;
            padding: 20px;
        }
        form {
            background-color: #fff;
            border-radius: 5px;
            box-shadow: 0 0 10px rgba(0, 0, 0, 0.2);
            padding: 20px;
            max-width: 400px;
            margin: 0 auto;
        }
        label {
            display: block;
            font-weight: bold;
            margin-bottom: 5px;
        }
        input[type="text"],
        input[type="password"] {
            border: 1px solid #ccc;
            border-radius: 3px;
            padding: 5px;
            width: 100%;
            margin-bottom: 10px;
            box-sizing: border-box;
        }
        button[type="submit"] {
            background-color: #007bff;
            color: #fff;
            border: none;
            border-radius: 3px;
            padding: 10px 20px;
            cursor: pointer;
        }
        button[type="submit"]:hover {
            background-color: #0069d9;
        }
        .error {
            color: #f44336;
            margin-top: 10px;
        }
    </style>
</head>
<body>
    <form action="auth.php" method="post">
        <label for="username">Username:</label>
        <input type="text" id="username" name="username" required>
        <label for="password">Password:</label>
        <input type="password" id="password" name="password" required>
        <button type="submit">Login</button>
        <?php
        // check if an error message was passed in the URL
        if (isset($_GET['error'])) {
            $error_message = $_GET['error'];
            echo '<p class="error">' . $error_message . '</p>';
        }
        ?>
    </form>
</body>
</html>
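
A hardened version of the error display in the page above, as an added example that is not part of the original paste: the `error` parameter becomes a short code looked up in a fixed table, output is escaped with `htmlspecialchars`, and a Content-Security-Policy keeps the login form from submitting anywhere but its own origin. The function names, the `invalid` code, the fallback message and the policy string are assumptions made for this illustration.

```php
<?php
// Added example, not part of the original paste. Function names, the
// 'invalid' error code and the policy string are illustrative assumptions.

// Escape a value for an HTML text or quoted-attribute context.
function h(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Fixed messages keyed by a short code, so the URL never carries display text.
const LOGIN_ERRORS = [
    'invalid' => 'Invalid username or password. Please try again.',
];

// Build the error paragraph from the query string (pass $_GET in the page).
function render_login_error(array $query): string
{
    $code = $query['error'] ?? null;
    if (!is_string($code) || $code === '') {
        return '';
    }
    // Unknown codes get a generic message; the raw value is never echoed.
    $message = LOGIN_ERRORS[$code] ?? 'Login failed.';
    return '<p class="error">' . h($message) . '</p>';
}

// Header lines to send with header() before any output on the login page.
function login_page_headers(): array
{
    return [
        // default-src 'none' blocks scripts; form-action pins form targets to
        // this origin; base-uri stops a <base> tag re-pointing "auth.php".
        "Content-Security-Policy: default-src 'none'; style-src 'unsafe-inline'; "
            . "form-action 'self'; base-uri 'none'",
        'X-Content-Type-Options: nosniff',
    ];
}

// Constructed inputs, shown when run from the command line.
if (PHP_SAPI === 'cli') {
    echo render_login_error(['error' => 'invalid']), "\n";
    echo render_login_error(['error' => '<em>constructed markup</em>']), "\n";
    echo h('<em>constructed markup</em>'), "\n";
    echo implode("\n", login_page_headers()), "\n";
}
```

With this in place the failed-login redirect would send the code only (`auth.php?error=invalid`) instead of the URL-encoded message text.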