admin管理员组

文章数量:1417070

Is it possible to Execute a javascript function from the URL?

Something like: .php?alert(HelloWorld);

That when this url is visited then it should run the script.

Is it possible to Execute a javascript function from the URL?

Something like: http://www.mysite./mypage.php?alert(HelloWorld);

That when this url is visited then it should run the script.

  • php
  • javascript
Share Improve this question edited Apr 24, 2013 at 9:51 Andreas Wong 60.6k19 gold badges111 silver badges123 bronze badges asked Apr 24, 2013 at 9:29 Deepak GuptaDeepak Gupta 211 gold badge1 silver badge3 bronze badges 6
  • The question here is probably not how, but why. What's your use case? :o – Andreas Wong Commented Apr 24, 2013 at 9:30
  • You can do by using the GET to get the query string... there may be other ways.. But i know only one.. – Hiren Pandya Commented Apr 24, 2013 at 9:30
  • the question is not HOW? the question is WHY???? – STT LCU Commented Apr 24, 2013 at 9:35
  • @SiGanteng ,@STT LCU : actually i wanna to make my site capable of executing javascript through address bar or in other words wanna to convert to a site that is vulnerable to XSS.This is just for a Experimental Purpose.That i came to know and stop vulnerabilities against XSS. – Deepak Gupta Commented Apr 24, 2013 at 10:15
  • @DeepakGupta just look at my answer. you'll be done in 30 seconds. – nl-x Commented Apr 24, 2013 at 10:17
 |  Show 1 more ment

4 Answers 4

Reset to default 1

On an arbitrary site? No, that would mean that browsers were creating a horrific XSS security vulnerability on every site.

On your site? You could write a server side script to read the query string and inject it into a <script> element … which would give your site the aforementioned horrific XSS security vulnerability.

That is not possible and would be a huge security issue. Set the script in the landing page and run it once it's loaded

It is an incredibly stupid thing to do. But you can... You won't need PHP. Just use Javascript.

In the <body onload=""> just put eval(decodeURIComponent(window.location.search.substr(1))); like this:

<body onload="eval(decodeURIComponent(window.location.search.substr(1)));">

Url should be like http://www.mysite./mypage.php?alert('HelloWorld');

(So lose the <script></script> in the url)

You can define it on your PHP file!

Your PHP file :

if($_GET['script'] == "1")
{
...do script
}

in your url :

http://youraddress./index.php?script=1

Customize it for yourself. wish helpful

本文标签: phpHow to Execute a Script in url of your siteStack Overflow

版权声明:本文标题:php - How to Execute a Script in url of your site - Stack Overflow 内容由网友自发贡献,该文观点仅代表作者本人, 转载请联系作者并注明出处:http://www.betaflare.com/web/1745252841a2649926.html, 本站仅提供信息存储空间服务,不拥有所有权,不承担相关法律责任。如发现本站有涉嫌抄袭侵权/违法违规的内容,一经查实,本站将立刻删除。