Target for XSS scan<\/title> \n<\/head> \n<body><\/p>\n<h1>XSS and SQL injections example:<\/h1>\nURL example: .\/TEST_xss_and_sqli.php?term=aaa&id=1&name=admin&amount=20<\/i><\/p>\n <?php\n require(\".\/wp-config.php\");\n\n $conn = new mysqli(DB_HOST, DB_USER, DB_PASSWORD, DB_NAME);\n\n if ($conn->connect_error) { \n die(“DB connection error: ” . $conn->connect_error); \n }<\/p>\n $term = $_GET[‘term’]; \n if ($term) { \n echo “<\/p>\nParameter <code>term<\/code>: $term <\/p>\n“; \n }<\/p>\n $number = $_GET[‘id’]; \n if ($number) { \n $result_number = $conn->query(“SELECT * FROM wp_users WHERE id=$number”); \n if ($result_number) { \n foreach($result_number as $raw){ \n foreach($raw as $val){ \n echo $val . ” “; \n } \n } \n } else { \n echo “<\/p>\nError: ” . $conn->error . “<\/p>\n“; \n } \n }<\/p>\n $string = $_GET[‘name’]; \n if ($number) { \n $result_string = $conn->query(“SELECT * FROM wp_users WHERE user_login= ‘$string’ “); \n if ($result_string) { \n foreach($result_string as $raw){ \n foreach($raw as $val){ \n echo $val . ” “; \n } \n } \n } else { \n echo “<\/p>\nError: ” . $conn->error . “<\/p>\n“; \n } \n }<\/p>\n $conn->close(); \n ?><\/p>\n <script>\n const urlParams = new URLSearchParams(window.location.search);\n const amount = urlParams.get('amount');<\/p>\n eval(amount);\n <\/script> \n<\/body> \n<\/html><\/p>\n","protected":false},"excerpt":{"rendered":"Target for XSS scan XSS and SQL injections example: URL example: .\/TEST_xss_and_sqli.php?term=aaa&id=1&name=admin&amount=20<\/p>\n","protected":false},"author":0,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[1],"tags":[],"class_list":["post-52","post","type-post","status-publish","format-standard","hentry","category-uncategorized"],"_links":{"self":[{"href":"https:\/\/qa-040726-3.sldev7.com\/index.php?rest_route=\/wp\/v2\/posts\/52","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/qa-040726-3.sldev7.com\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/qa-040726-3.sldev7.com\/index.php?rest_route=\/wp\/v2\/types\/post"}],"replies":[{"embeddable":true,"href":"https:\/\/qa-040726-3.sldev7.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=52"}],"version-history":[{"count":0,"href":"https:\/\/qa-040726-3.sldev7.com\/index.php?rest_route=\/wp\/v2\/posts\/52\/revisions"}],"wp:attachment":[{"href":"https:\/\/qa-040726-3.sldev7.com\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=52"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/qa-040726-3.sldev7.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=52"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/qa-040726-3.sldev7.com\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=52"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}

{"id":52,"date":"2026-04-07T16:13:20","date_gmt":"2026-04-07T16:13:20","guid":{"rendered":"https:\/\/qa-040726-3.sldev7.com\/?p=52"},"modified":"2026-04-07T16:13:20","modified_gmt":"2026-04-07T16:13:20","slug":"post-test_xss_and_sqli-php","status":"publish","type":"post","link":"https:\/\/qa-040726-3.sldev7.com\/?p=52","title":{"rendered":"Post .\/TEST_xss_and_sqli.php"},"content":{"rendered":"

\n
\n Target for XSS scan<\/title> \n<\/head> \n<body><\/p>\n<h1>XSS and SQL injections example:<\/h1>\nURL example: .\/TEST_xss_and_sqli.php?term=aaa&id=1&name=admin&amount=20<\/i><\/p>\n <?php\n require(\".\/wp-config.php\");\n\n $conn = new mysqli(DB_HOST, DB_USER, DB_PASSWORD, DB_NAME);\n\n if ($conn->connect_error) { \n die(“DB connection error: ” . $conn->connect_error); \n }<\/p>\n $term = $_GET[‘term’]; \n if ($term) { \n echo “<\/p>\nParameter <code>term<\/code>: $term <\/p>\n“; \n }<\/p>\n $number = $_GET[‘id’]; \n if ($number) { \n $result_number = $conn->query(“SELECT * FROM wp_users WHERE id=$number”); \n if ($result_number) { \n foreach($result_number as $raw){ \n foreach($raw as $val){ \n echo $val . ” “; \n } \n } \n } else { \n echo “<\/p>\nError: ” . $conn->error . “<\/p>\n“; \n } \n }<\/p>\n $string = $_GET[‘name’]; \n if ($number) { \n $result_string = $conn->query(“SELECT * FROM wp_users WHERE user_login= ‘$string’ “); \n if ($result_string) { \n foreach($result_string as $raw){ \n foreach($raw as $val){ \n echo $val . ” “; \n } \n } \n } else { \n echo “<\/p>\nError: ” . $conn->error . “<\/p>\n“; \n } \n }<\/p>\n $conn->close(); \n ?><\/p>\n <script>\n const urlParams = new URLSearchParams(window.location.search);\n const amount = urlParams.get('amount');<\/p>\n eval(amount);\n <\/script> \n<\/body> \n<\/html><\/p>\n","protected":false},"excerpt":{"rendered":"Target for XSS scan XSS and SQL injections example: URL example: .\/TEST_xss_and_sqli.php?term=aaa&id=1&name=admin&amount=20<\/p>\n","protected":false},"author":0,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[1],"tags":[],"class_list":["post-52","post","type-post","status-publish","format-standard","hentry","category-uncategorized"],"_links":{"self":[{"href":"https:\/\/qa-040726-3.sldev7.com\/index.php?rest_route=\/wp\/v2\/posts\/52","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/qa-040726-3.sldev7.com\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/qa-040726-3.sldev7.com\/index.php?rest_route=\/wp\/v2\/types\/post"}],"replies":[{"embeddable":true,"href":"https:\/\/qa-040726-3.sldev7.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=52"}],"version-history":[{"count":0,"href":"https:\/\/qa-040726-3.sldev7.com\/index.php?rest_route=\/wp\/v2\/posts\/52\/revisions"}],"wp:attachment":[{"href":"https:\/\/qa-040726-3.sldev7.com\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=52"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/qa-040726-3.sldev7.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=52"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/qa-040726-3.sldev7.com\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=52"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}