Thread: Execute the code

  1. #1
    Join Date
    Jul 2013

    Execute the code

    I have the following example code
    $Fname = $_POST["Fname"];
    $Lname = $_POST["Lname"];
    $gender = $_POST["gender"];
    $food = $_POST["food"];
    $quote = $_POST["quote"];
    $education = $_POST["education"];
    $TofD = $_POST["TofD"];
    if (!isset($_POST['submit'])) { // if page is not submitted to itself echo the form
    <title>Personal INFO</title>
    <form method="post" action="<?php echo $PHP_SELF;?>">
    First Name:<input type="text" size="12" maxlength="12" name="Fname"><br />
    Last Name:<input type="text" size="12" maxlength="36" name="Lname"><br />
    Gender:<br />
    Male:<input type="radio" value="Male" name="gender"><br />
    Female:<input type="radio" value="Female" name="gender"><br />
    Please choose type of residence:<br />
    Steak:<input type="checkbox" value="Steak" name="food[]"><br />
    Pizza:<input type="checkbox" value="Pizza" name="food[]"><br />
    Chicken:<input type="checkbox" value="Chicken" name="food[]"><br />
    <textarea rows="5" cols="20" name="quote" wrap="physical">Enter your favorite quote!</textarea><br />
    Select a Level of Education:<br />
    <select name="education">
    <option value="Jr.High">Jr.High</option>
    <option value="HighSchool">HighSchool</option>
    <option value="College">College</option></select><br />
    Select your favorite time of day:<br />
    <select name="TofD" size="3">
    <option value="Morning">Morning</option>
    <option value="Day">Day</option>
    <option value="Night">Night</option></select><br />
    <input type="submit" value="submit" name="submit">
    } else {
    echo "Hello, ".$Fname." ".$Lname.".<br />";
    echo "You are ".$gender.", and you like ";
    foreach ($food as $f) {
    echo $f."<br />";
    echo "<i>".$quote."</i><br />";
    echo "You're favorite time is ".$TofD.", and you passed ".$education."!<br />";

    The URL does not respond. What needs to change in the following code?

  2. #2
    Join Date
    Mar 2007
    Line 39 is <? when it should be <?php

    When that is fixed, my server outputs the following errors.

    Notice: Undefined index: Fname in C:\XAMPP\htdocs\forms.php on line 2
    Notice: Undefined index: Lname in C:\XAMPP\htdocs\forms.php on line 3
    Notice: Undefined index: gender in C:\XAMPP\htdocs\forms.php on line 4
    Notice: Undefined index: food in C:\XAMPP\htdocs\forms.php on line 5
    Notice: Undefined index: quote in C:\XAMPP\htdocs\forms.php on line 6
    Notice: Undefined index: education in C:\XAMPP\htdocs\forms.php on line 7
    Notice: Undefined index: TofD in C:\XAMPP\htdocs\forms.php on line 8


    What I did was change this

    PHP Code:
    $Fname = $_POST["Fname"];
    $Lname = $_POST["Lname"];
    $gender = $_POST["gender"];
    $food = $_POST["food"];
    $quote = $_POST["quote"];
    $education = $_POST["education"];
    $TofD = $_POST["TofD"];
    if (!isset($_POST['submit'])) { // if page is not submitted to itself echo the form
    to this

    PHP Code:
    if (isset($_POST['submit'])) { // if page is not submitted to itself echo the form
    $Fname = $_POST["Fname"];
    $Lname = $_POST["Lname"];
    $gender = $_POST["gender"];
    $food = $_POST["food"];
    $quote = $_POST["quote"];
    $education = $_POST["education"];
    $TofD = $_POST["TofD"];

    echo "Hello, ".$Fname." ".$Lname.".<br />";
    echo "You are ".$gender.", and you like ";
    foreach ($food as $f) {
    echo $f."<br />";
    echo "<i>".$quote."</i><br />";
    echo "You're favorite time is ".$TofD.", and you passed ".$education."!<br />";

    and I changed this
    PHP Code:
    } else {
    echo "Hello, ".$Fname." ".$Lname.".<br />";
    echo "You are ".$gender.", and you like ";
    foreach ($food as $f) {
    echo $f."<br />";
    echo "<i>".$quote."</i><br />";
    echo "You're favorite time is ".$TofD.", and you passed ".$education."!<br />";
    to this
    PHP Code:
    Then I get no errors.

    I do seriously advise that you look into how to properly sanitize inputs. The subject is searchable on this forum, and forgive me for not giving an example, but reinventing the wheel I am not about to do.
    --> JavaScript Frameworks like JQuery, Angular, Node <--
    ... and please remember to wrap code with forum BBCode tags:-

    [CODE]...[/CODE] [HTML]...[/HTML] [PHP]...[/PHP]

    If you can't think outside the box, you will be trapped forever with no escape...
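
Added example, not part of the original posts or of the poster's code: one way to apply the input-handling advice in post #2 to this form, by checking the fixed-choice fields against the options the form offers and HTML-escaping everything echoed back. The names `ALLOWED`, `h()`, `pick()`, `text()` and `render_result()` are hypothetical, the 500-byte quote limit is an assumption, and the sample submission is constructed.

```php
<?php
// Added example: hardened output for the form fields used in this thread.
// ALLOWED, h(), pick(), text() and render_result() are hypothetical names.
const ALLOWED = [
    'gender'    => ['Male', 'Female'],
    'food'      => ['Steak', 'Pizza', 'Chicken'],
    'education' => ['Jr.High', 'HighSchool', 'College'],
    'TofD'      => ['Morning', 'Day', 'Night'],
];

// Escape a value for an HTML text or attribute context.
function h(string $s): string {
    return htmlspecialchars($s, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Fixed-choice field: accept only a value the form actually offers.
function pick(array $post, string $field): ?string {
    $v = $post[$field] ?? null;
    return (is_string($v) && in_array($v, ALLOWED[$field], true)) ? $v : null;
}

// Free-text field: must be a string; trimmed and capped at $max bytes.
function text(array $post, string $field, int $max): string {
    $v = $post[$field] ?? '';
    return is_string($v) ? substr(trim($v), 0, $max) : '';
}

function render_result(array $post): string {
    $gender = pick($post, 'gender');
    $education = pick($post, 'education');
    $tofd = pick($post, 'TofD');
    if ($gender === null || $education === null || $tofd === null) {
        return "Please choose a gender, education level and time of day.<br />";
    }
    // food[] arrives as an array; keep only known checkbox values.
    $raw = $post['food'] ?? [];
    $food = is_array($raw)
        ? array_intersect(ALLOWED['food'], array_filter($raw, 'is_string')) : [];
    return "Hello, " . h(text($post, 'Fname', 12)) . " " . h(text($post, 'Lname', 36)) . ".<br />"
        . "You are " . h($gender) . ", and you like " . h(implode(', ', $food)) . ".<br />"
        . "<i>" . h(text($post, 'quote', 500)) . "</i><br />" // 500 is an assumed limit
        . "Your favorite time is " . h($tofd) . ", and you passed " . h($education) . "!<br />";
}

// Constructed sample submission carrying markup and an unknown checkbox value.
$sample = ['Fname' => '<i>Ann</i>', 'Lname' => 'Doe', 'gender' => 'Male',
    'food' => ['Pizza', '<b>x</b>'], 'quote' => '"Hi" & bye',
    'education' => 'College', 'TofD' => 'Night'];
echo render_result($sample), "\n";
```

In the real page, call `render_result($_POST)` only when `isset($_POST['submit'])`, and build the form's `action` with `h($_SERVER['PHP_SELF'])` rather than `$PHP_SELF`, which is only populated when `register_globals` is enabled.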

  3. #3
    Join Date
    Sep 2012
    Hi.... In computer security, arbitrary code execution is used to describe an attacker's ability to execute any commands of the attacker's choice on a target machine or in a target process. It is commonly used in arbitrary code execution vulnerability to describe a software bug that gives an attacker a way to execute arbitrary code. A program that is designed to exploit such a vulnerability is called an arbitrary code execution exploit. Most of these vulnerabilities allow the execution of machine code and most exploits therefore inject and execute shellcode to give an attacker an easy way to manually run arbitrary commands. The ability to trigger arbitrary code execution from one machine on another (especially via a wide-area network such as the Internet) is often referred to as remote code execution.

    It is the worst effect a bug can have because it allows an attacker to completely take over the vulnerable process. From there the attacker can potentially take complete control over the machine the process is running on. Arbitrary code execution vulnerabilities are commonly exploited by malware to run on a computer without the owner's consent or by an owner to run homebrew software on a device without the manufacturer's consent.

    Arbitrary code execution is commonly achieved through control over the program counter (also known as the instruction pointer) of a running process. The instruction pointer points to the next instruction in the process that will be executed. Control over the value of the instruction pointer therefore gives control over which instruction is executed next. In order to execute arbitrary code, many exploits inject code into the process (for example by sending input to it which gets stored in an input buffer) and use a vulnerability to change the instruction pointer to have it point to the injected code. The injected code will then automatically get executed.
