From 0359ca33d40bb30e9155c7cec17a302a8815e0cf Mon Sep 17 00:00:00 2001 From: Pedro Lopes <83576881+pedrompflopes@users.noreply.github.com> Date: Thu, 1 Feb 2024 10:52:36 +0000 Subject: [PATCH] Update insecure.php --- insecure.php | 27 +++++++++++++++++++++++++++ 1 file changed, 27 insertions(+)
diff --git a/insecure.php b/insecure.php
index e69de29..a3a1ed3 100644
--- a/insecure.php
+++ b/insecure.php
@@ -0,0 +1,27 @@
+$var\n";
+
+
+//
+/// 2nd XSS example
+//
+$var = $_POST['varB'];
+echo "
$varB
\n";
+
+//
+/// Forget to terminate user input after a redirect
+//
+if ($_SESSION['user_logged_in'] !== true) {
+ header('Location: /login.php');
+}
+
+// Important private logic that shouldn't happen because we've already redirected the user!
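Review bot: The second sample never reflects the POST value because the assignment writes `$var` while the echo reads `$varB`, which is never assigned; PHP emits an "Undefined variable" warning and prints an empty string, so no reflected-XSS sink actually exists at that line. Change the assignment to `$varB = $_POST['varB'];` (or echo `$var` instead) so the example demonstrates what its heading claims. The comment above the redirect block also misdescribes the flaw: `header()` without a following `exit;` leaves the script running into the "important private logic" below, so `/// Forget to terminate script execution after a redirect` is the accurate wording, and since this file is deliberately insecure I am not proposing the `exit;` itself. Note that this rendering appears to have dropped the HTML tags inside the echo strings, and the hunk header declares 27 added lines while fewer are visible, so the tail of the hunk may be cut off in this view.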