1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
|
<?php
declare(strict_types=1);
namespace PhpMyAdmin\Tests\Html;
use PhpMyAdmin\Template;
use PhpMyAdmin\Tests\AbstractTestCase;
use PhpMyAdmin\Url;
/**
* @coversNothing
*/
class SecurityTest extends AbstractTestCase
{
/** @var Template */
protected $template;
protected function setUp(): void
{
parent::setUp();
$this->template = new Template();
}
protected function tearDown(): void
{
parent::tearDown();
unset($this->template);
}
public function testInjectCodeUsingTemplate(): void
{
$this->assertSame(
'?db=%3Cscript%3Ealert%28%27%26%3D%21%3A%3B%27%29%3B%3C%2Fscr'
. 'ipt%3E&table=%26mytable%3E1%3F&server=12'
. "\n"
. '?db=%22%27%22%3E%3Ciframe+onload%3Dalert%281%29%3E%D1%88%D0%B5%D0%BB%D0%BB%D1%8B'
. '&table=%26mytable%3E1%3F&server=12&%3Cscript%3E%26%3D=%3C%2Fscript%3E'
. "\n",
$this->template->render('test/add_data', [
'variable1' => Url::getCommon([
'db' => '<script>alert(\'&=!:;\');</script>',
'table' => '&mytable>1?',
'server' => 12,
]),
'variable2' => Url::getCommonRaw([
'db' => '"\'"><iframe onload=alert(1)>шеллы',
'table' => '&mytable>1?',
'server' => 12,
'<script>&=' => '</script>',
]),
])
);
$url1 = Url::getCommon([
'db' => '<script>alert(\'&=!:;\');</script>',
'table' => '&mytable>1?',
'server' => 12,
]);
$this->assertSame(
'?db=%3Cscript%3Ealert%28%27%26%3D%21%3A%3B%27%29%3B%3C%2Fscr'
. 'ipt%3E&table=%26mytable%3E1%3F&server=12',
$url1
);
$this->assertSame(
$url1
. "\n"
. '?db=%22%27%22%3E%3Ciframe+onload%3Dalert%281%29%3E%D1%88%D0%B5%D0%BB%D0%BB%D1%8B'
. '&table=%26mytable%3E1%3F&server=12&%3Cscript%3E%26%3D=%3C%2Fscript%3E'
. "\n",
$this->template->render('test/raw_output', [
'variable1' => $url1,
'variable2' => Url::getCommonRaw([
'db' => '"\'"><iframe onload=alert(1)>шеллы',
'table' => '&mytable>1?',
'server' => 12,
'<script>&=' => '</script>',
]),
])
);
}
}
|
