apunkt/nyx
1
0
Fork 0
mirror of https://github.com/elicpeter/nyx.git synced 2026-06-09 19:45:13 +02:00
Code Issues Projects Releases Packages Wiki Activity
nyx/tests/fixtures/xpath_injection/php/unsafe_xpath_query.php
Eli Peter 7d0e7320e2
new capacity bits (#67)
2026-05-07 01:29:31 -04:00

8 lines
307 B
PHP
Raw Blame History

<?php
// Unsafe: $_GET['user'] concatenated into an XPath expression and passed
// straight to SimpleXMLElement::xpath. XPATH_INJECTION fires on the
// expression argument.
$xml = simplexml_load_file("users.xml");
$user = $_GET['user'];
$expr = "//user[name='" . $user . "']";
$nodes = $xml->xpath($expr);
Reference in a new issue View git blame Copy permalink