Mengungkap Bahaya Cross-Site Scripting(XSS):Eksperimen dan Cara Mencegahnya

CREATE DATABASE xss_advanced;
USE xss_advanced;

CREATE TABLE comments (
  id INT AUTO_INCREMENT PRIMARY KEY,
  username VARCHAR(50),
  comment TEXT
);

2. Buat File db.php 

<?php
$conn = new mysqli("localhost", "root", "", "xss_advanced");
if ($conn->connect_error) {
    die("Koneksi gagal: " . $conn->connect_error);
}
?>

3. Buat File login.php

<?php
session_start();
if ($_POST) {
    if ($_POST['username'] == 'admin' && $_POST['password'] == '1234') {
        $_SESSION['username'] = 'admin';
        header("Location: dashboard.php");
        exit;
    } else {
        echo "Login gagal!";
    }
}
?>

<form method="POST">
  Username: <input name="username"><br>
  Password: <input name="password" type="password"><br>
  <input type="submit" value="Login">
</form>

4. Buat File dashboard.php

<?php
session_start();
if (!isset($_SESSION['username'])) {
    header("Location: login.php");
    exit;
}
echo "Selamat datang, " . $_SESSION['username'] . "<br>";
echo "<a href='comment_form.php'>Komentar</a>";

5. Buat file comment_form.php:

<form method="GET" action="">
  <input type="text" name="name">
  <input type="submit" value="Kirim">
</form>