Lab - PHP with HTML Forms
Forms:
- Set up a form and a PHP page to process it using HTTP GET.
- PHP echoes back the argument.
Hacking attack: Overwrite PHP vars
- Use the unsafe parse_str method and see how a request can set any variable.
Hacking attack: Inject CSS
- Use the safe parse_str method, but simply echo the argument back.
- See the security problem with injecting CSS.
- Get an injection that catastrophically changes the style of the page.
- Fix the injection problem
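
An added example for the two attack exercises above (not part of the original lab sheet): it parses a constructed query string with the safe form of parse_str and shows the raw echo beside an escaped one. The names $isAdmin, name, render_unsafe and render_safe are hypothetical, and the query string is constructed sample input.

```php
<?php
// Constructed query string standing in for $_SERVER['QUERY_STRING'].
// rawurlencode() is only used here to build the sample input.
$query = 'name=' . rawurlencode('<style>body{background:red}</style>') . '&isAdmin=1';

// Application state that request data must never be able to change.
$isAdmin = false;

// Safe form: parse_str() with a result array keeps request data in $params.
// The one-argument form wrote every key into the current scope, so a key
// called isAdmin would overwrite $isAdmin. That form was deprecated in
// PHP 7.2 and removed in PHP 8.0.
parse_str($query, $params);

// Read only the key the page expects. A request such as name[]=x makes
// $params['name'] an array, so check the type and fall back to ''.
$name = isset($params['name']) && is_string($params['name']) ? $params['name'] : '';

// Vulnerable echo: the argument goes into the HTML unchanged, so the
// browser parses the <style> element it carries and restyles the page.
function render_unsafe(string $name): string
{
    return "<p>Hello, $name</p>";
}

// Hardened echo: encode HTML metacharacters for the output context, so the
// same input is displayed as text instead of being parsed as markup.
function render_safe(string $name): string
{
    return '<p>Hello, ' . htmlspecialchars($name, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8') . '</p>';
}

echo "unsafe: ", render_unsafe($name), "\n";
echo "safe:   ", render_safe($name), "\n";

// With the result-array form, isAdmin=1 stays inside $params and
// $isAdmin keeps the value the application gave it.
echo "isAdmin: ", var_export($isAdmin, true), "\n";
```

Run it from the command line with php to compare the two output lines as plain text before trying them in a browser.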
Get PHP to output an image (no HTML).
- What happens if you omit the Content-Type: line?
- What happens if you output a blank line before the PHP starts?
Strange, isn't it?
See HTTP response format.
Random image
- Get the random image program working for 4 images.
- Consult the PHP manual to see how to get 4 random numbers.