Introduction

I've foreseen a space on my FTP server where you can create your own labs. You are going to create them, hack them, and secure them before you learn what I mean by using the right filter for the right job.

Make a connection

• [ ] FTP connection: hackxpert.com
  • [ ] User: Training
  • [ ] Password: test
• [ ] Create a new file on the server
  • [ ] Use “nickname.php” for example “rat.php” where the nickname can be anything, as long as you can copy and paste it

Build an HTML tag injection lab

Add the following code to your file (If you have to make the file locally, add the copy and copy it onto the server).

<?php
if(isset($_GET['fname'])){
echo $_GET['fname'];
}
?>
<form>
<label for="fname">First name:</label><br>
<input type="text" id="fname" name="fname" value="John"><br>
<input type="submit" value="Submit">
</form>

Make sure to replace <form action="FILENAME.php"> with the name of your actual file.

Now hack it!!

Navigate to https://hackxpert.com/Training/YOURFILE.php

Replace YOURFILE.php with the name of your file. Make sure you uploaded it to FTP server. Now you can try to hack your own work.

Possible attack vectors

If you have not hacked the previous lab yet, stop reading here.

We can use any attack vector on this lab. <script>alert()</script> works here.

Let's secure it now

Whatever attack vector you used, we are going to filter it now. Replace the following line

echo $_GET['fname'];

with

echo str_replace("script","",$_GET['fname']);