https://netrom-xmas2021-dev.stage04.netromsoftware.ro/?a=%3Cscript%3Ealert%28%22XSS%22%29%3B%3C%2Fscript%3E&b=UNION%20SELECT%20ALL%20FROM%20information_schema%20AND%20%27%20or%20SLEEP%285%29%20or%20%27&c=..%2F..%2F..%2F..%2Fetc%2Fpasswd

Method
GET
HTTP Status
200
IP
27.124.20.185
Profiled on
Token
ec1235

SwaggerUiAction

Request

GET Parameters

Key Value
a 
"<script>alert("XSS");</script>"
b 
"UNION SELECT ALL FROM information_schema AND ' or SLEEP(5) or '"
c 
"../../../../etc/passwd"

POST Parameters

No POST parameters

Uploaded Files

No files were uploaded

Request Attributes

Key Value
_access_control_attributes 
null
_api_respond 
"true"
_controller 
"api_platform.swagger.action.ui"
_firewall_context 
"security.firewall.map.context.main"
_format 
""
_links 
Fig\Link\GenericLinkProvider {#1977
  -links: [
    "000000002880fce10000000068cebbf7" => Fig\Link\Link {#1976
      -href: "https://netrom-xmas2021-dev.stage04.netromsoftware.ro/docs.jsonld"
      -rel: [
        "http://www.w3.org/ns/hydra/core#apiDocumentation" => true
      ]
      -attributes: []
    }
  ]
}
_route 
"api_entrypoint"
_route_params 
[
  "_format" => ""
  "_api_respond" => "true"
  "index" => "index"
]
index 
"index"

Request Headers

Header Value
accept 
"text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8"
accept-encoding 
"gzip, deflate"
accept-language 
"zh-CN,zh;q=0.8,zh-TW;q=0.7,zh-HK;q=0.5,en-US;q=0.3,en;q=0.2"
connection 
"close"
cookies 
""
host 
"netrom-xmas2021-dev.stage04.netromsoftware.ro"
user-agent 
"Mozilla/5.0 (Linux; U; Android 10; zh-cn; MIX 2S Build/QKQ1.190828.002) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/71.0.3578.141 Mobile Safari/537.36 XiaoMi/MiuiBrowser/11.8.14"
x-php-ob-level 
"1"

Request Content

Request content not available (it was retrieved as a resource).

Response

Response Headers

Header Value
cache-control 
"no-cache, private"
content-type 
"text/html; charset=UTF-8"
date 
"Sun, 12 Jan 2025 08:24:22 GMT"
link 
"<https://netrom-xmas2021-dev.stage04.netromsoftware.ro/docs.jsonld>; rel="http://www.w3.org/ns/hydra/core#apiDocumentation""
x-debug-token 
"ec1235"

Cookies

Request Cookies

No request cookies

Response Cookies

No response cookies

Session

Session Metadata

No session metadata

Session Attributes

No session attributes

Flashes

Flashes

No flash messages were created.

Server Parameters

Server Parameters

Defined in .env

Key Value
APP_ENV 
"dev"
APP_SECRET 
"!ChangeMe!"
CORS_ALLOW_ORIGIN 
"^https?://(localhost|xmas.stage04.netromsoftware.ro|127\.0\.0\.1)(:[0-9]+)?$"
DATABASE_URL 
"mysql://netrom-xmas-usr:r4nd0mpssst@192.168.168.240:3306/netrom_xmas_2021?server_version=5.7"
MERCURE_JWT_TOKEN 
"eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJtZXJjdXJlIjp7InB1Ymxpc2giOltdfX0.Oo0yg7y4yMa1vr_bziltxuTCqb8JVHKxp-f_FwwOim0"
MERCURE_PUBLISH_URL 
"https://mercure/.well-known/mercure"
MERCURE_SUBSCRIBE_URL 
"https://localhost:1337/.well-known/mercure"
TRUSTED_HOSTS 
"^(localhost|api|192.168.168.240|netrom-xmas2021-dev.stage04.netromsoftware.ro|xmas.stage04.netromsoftware.ro)$"
TRUSTED_PROXIES 
"127.0.0.0/8,10.0.0.0/8,172.16.0.0/12,192.168.168.240/24"
VARNISH_URL 
"http://cache-proxy"

Defined as regular env variables

Key Value
APP_DEBUG 
"1"
CONTEXT_DOCUMENT_ROOT 
"/var/www2/netrom/2021-12-xmas/api/public"
CONTEXT_PREFIX 
""
DOCUMENT_ROOT 
"/var/www2/netrom/2021-12-xmas/api/public"
FCGI_ROLE 
"RESPONDER"
GATEWAY_INTERFACE 
"CGI/1.1"
HOME 
"/var/www"
HTTPS 
"on"
HTTP_ACCEPT 
"text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8"
HTTP_ACCEPT_ENCODING 
"gzip, deflate"
HTTP_ACCEPT_LANGUAGE 
"zh-CN,zh;q=0.8,zh-TW;q=0.7,zh-HK;q=0.5,en-US;q=0.3,en;q=0.2"
HTTP_CONNECTION 
"close"
HTTP_COOKIES 
""
HTTP_HOST 
"netrom-xmas2021-dev.stage04.netromsoftware.ro"
HTTP_USER_AGENT 
"Mozilla/5.0 (Linux; U; Android 10; zh-cn; MIX 2S Build/QKQ1.190828.002) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/71.0.3578.141 Mobile Safari/537.36 XiaoMi/MiuiBrowser/11.8.14"
PATH 
"/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"
PHP_SELF 
"/index.php"
QUERY_STRING 
"a=%3Cscript%3Ealert%28%22XSS%22%29%3B%3C%2Fscript%3E&b=UNION+SELECT+ALL+FROM+information_schema+AND+%27+or+SLEEP%285%29+or+%27&c=..%2F..%2F..%2F..%2Fetc%2Fpasswd"
REDIRECT_HTTPS 
"on"
REDIRECT_QUERY_STRING 
"a=%3Cscript%3Ealert%28%22XSS%22%29%3B%3C%2Fscript%3E&b=UNION+SELECT+ALL+FROM+information_schema+AND+%27+or+SLEEP%285%29+or+%27&c=..%2F..%2F..%2F..%2Fetc%2Fpasswd"
REDIRECT_SSL_TLS_SNI 
"netrom-xmas2021-dev.stage04.netromsoftware.ro"
REDIRECT_STATUS 
"200"
REDIRECT_URL 
"/"
REMOTE_ADDR 
"27.124.20.185"
REMOTE_PORT 
"64702"
REQUEST_METHOD 
"GET"
REQUEST_SCHEME 
"https"
REQUEST_TIME 
1736670262
REQUEST_TIME_FLOAT 
1736670262.9247
REQUEST_URI 
"/?a=%3Cscript%3Ealert%28%22XSS%22%29%3B%3C%2Fscript%3E&b=UNION+SELECT+ALL+FROM+information_schema+AND+%27+or+SLEEP%285%29+or+%27&c=..%2F..%2F..%2F..%2Fetc%2Fpasswd"
SCRIPT_FILENAME 
"/var/www2/netrom/2021-12-xmas/api/public/index.php"
SCRIPT_NAME 
"/index.php"
SERVER_ADDR 
"81.18.67.112"
SERVER_ADMIN 
"[no address given]"
SERVER_NAME 
"netrom-xmas2021-dev.stage04.netromsoftware.ro"
SERVER_PORT 
"443"
SERVER_PROTOCOL 
"HTTP/1.1"
SERVER_SIGNATURE 
"<address>Apache/2.4.38 (Debian) Server at netrom-xmas2021-dev.stage04.netromsoftware.ro Port 443</address>\n"
SERVER_SOFTWARE 
"Apache/2.4.38 (Debian)"
SSL_TLS_SNI 
"netrom-xmas2021-dev.stage04.netromsoftware.ro"
SYMFONY_DOTENV_VARS 
"MERCURE_SUBSCRIBE_URL,VARNISH_URL,APP_ENV,APP_SECRET,TRUSTED_PROXIES,TRUSTED_HOSTS,DATABASE_URL,CORS_ALLOW_ORIGIN,MERCURE_PUBLISH_URL,MERCURE_JWT_TOKEN"
USER 
"www-data"
proxy-nokeepalive 
"1"