Blocking XSS With Ajax
XHR("example.php");

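<script language="javascript">
// Fetch url asynchronously and place the response body inside #response.
function XHR(url) {
  // Runs on every readyState change; acts once the request has completed with HTTP 200.
  function PoC() {
    if (ro.readyState == 4) {
      if (ro.status == 200) {
        document.getElementById('response').innerHTML = ro.responseText;
      }
    }
  }
  var ro;
  ro = new XMLHttpRequest();
  ro.onreadystatechange = PoC;
  ro.open("GET", url, true);
  ro.send(null);
}
</script>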

<div id="response"></div>

The PHP file to fetch:

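<?php
// Legacy mysql_* API (removed in PHP 7.0); the database connection is assumed to be opened elsewhere.
$sql = "select * from profiles";
$res = mysql_query($sql);
while ($q = mysql_fetch_array($res)) {
?>

My name: <?=$q['name'];?>
My profiletext: <?=$q['profiletext'];?>
etc...

<?php
}
?>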
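
innerHTML does not run the script elements it inserts, but the rest of the fetched markup is still parsed, event-handler attributes included, so the profile fields should be escaped before assignment. The following is an added example, not the original post's code, and it assumes example.php is changed to return a JSON array of name/profiletext objects; escapeHtml, renderProfiles and loadProfiles are hypothetical names.

```javascript
// Added example, not the original post's code.
// Assumption: example.php returns JSON such as
// [{"name": "...", "profiletext": "..."}] instead of an HTML fragment.
const HTML_ESCAPES = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" };

// Escape the characters that can open a tag, an entity or an attribute value.
function escapeHtml(value) {
  return String(value == null ? "" : value).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// Turn the response body into markup whose database fields are inert text.
function renderProfiles(responseText) {
  let rows;
  try {
    rows = JSON.parse(responseText);
  } catch (e) {
    return ""; // not JSON: show nothing rather than inject the raw body
  }
  if (!Array.isArray(rows)) return "";
  return rows
    .filter((row) => row !== null && typeof row === "object")
    .map((row) => "<p>My name: " + escapeHtml(row.name) +
      "<br>My profiletext: " + escapeHtml(row.profiletext) + "</p>")
    .join("\n");
}

// Browser side: same request flow as the page's XHR(), escaped before assignment.
function loadProfiles(url) {
  const ro = new XMLHttpRequest();
  ro.onreadystatechange = function () {
    if (ro.readyState === 4 && ro.status === 200) {
      document.getElementById("response").innerHTML = renderProfiles(ro.responseText);
    }
  };
  ro.open("GET", url, true);
  ro.send(null);
}

// Constructed sample response: one field carries markup with a script element
// and an event-handler attribute.
const SAMPLE_RESPONSE = JSON.stringify([
  { name: "Alice & Bob", profiletext: "<script>document.title='x'</script>" +
    "<b onmouseover=\"document.title='x'\">hi</b>" },
]);
```

Server-side, the equivalent for the HTML-fragment version is to pass each field through htmlspecialchars() before echoing it.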