XSS-Game Level 4

The fourth level filters the angle brackets ">" and "<", so we bypass it with an event handler attribute instead of a tag.

In the source code, '>' and '<' are stripped from the input, so tags cannot be used.

htmlspecialchars() is called to filter tags, but its result is not assigned back to $str, so it has no effect on the value that is inserted into the page.

Since tags cannot be used, we bypass the filter with an event handler. The payload:

" onclick="alert(4)

The first double quotation mark closes the opening quote of the value attribute; the second double quotation mark opens the onclick value, which is then closed by the value attribute's original closing quote.

The page source changes as follows:

<input name=keyword  value="'.$str3.'">                 //before concatenation
<input name=keyword  value="" onclick="alert(4)">       //after concatenation

Clicking the input box triggers the alert pop-up and completes the level.
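As an added example (not part of the original writeup or the challenge source), the following Python models the level's filter, renders the same input template, and parses the result the way a browser tokenizer would. It shows why stripping only angle brackets leaves the attribute context open, and why quote-aware encoding (the equivalent of htmlspecialchars with ENT_QUOTES) closes it. The payload is the one quoted above; all function names are this example's own.

```python
import html
from html.parser import HTMLParser

# The payload quoted in the writeup above.
PAYLOAD = '" onclick="alert(4)'

def level4_filter(keyword: str) -> str:
    """Model of the level's filter: only '<' and '>' are removed.
    htmlspecialchars() is called on the input, but its result is discarded,
    so the stripped (still quote-bearing) value is what gets inserted."""
    stripped = keyword.replace(">", "").replace("<", "")
    _ = html.escape(keyword, quote=True)  # return value not kept, as in the level
    return stripped

def attribute_encode(value: str) -> str:
    """Correct encoding for a double-quoted attribute value: quotes are
    encoded along with angle brackets, so the value cannot end the attribute."""
    return html.escape(value, quote=True)

def render_input(value: str) -> str:
    """The template line from the level: the value is concatenated into the attribute."""
    return '<input name=keyword value="' + value + '">'

class _FirstStartTag(HTMLParser):
    """Collects the attributes of the first start tag as a browser tokenizer sees them."""
    def __init__(self):
        super().__init__()
        self.attrs = None
    def handle_starttag(self, tag, attrs):
        if self.attrs is None:
            self.attrs = dict(attrs)

def parsed_attributes(markup: str) -> dict:
    parser = _FirstStartTag()
    parser.feed(markup)
    parser.close()
    return parser.attrs or {}

def event_handlers(markup: str) -> list:
    """Names of on* attributes the browser would see; empty means no handler was injected."""
    return sorted(a for a in parsed_attributes(markup) if a.startswith("on"))

if __name__ == "__main__":
    vulnerable = render_input(level4_filter(PAYLOAD))
    fixed = render_input(attribute_encode(PAYLOAD))
    print(vulnerable, event_handlers(vulnerable))  # ['onclick']
    print(fixed, event_handlers(fixed))            # []
```

With the fixed encoding the browser still sees the original payload text as the value of the value attribute, but no onclick attribute exists.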


Origin blog.csdn.net/wangyuxiang946/article/details/118559730