Here is your task: The addslahes function disallows some SCRIPT elements from being executed.

However, if you understand how the control works, you can bypass this control. Your task is to

bypass the control and have the JavaScript execute.

To bypass this function, follow these steps:

$$ Refer to reputable sources for an explanation of how the addslashes function works.

$$ Research code vulnerability databases to see how others have bypassed this control.

$$ Pentest the site armed with the information learned and the procedure demonstrated in this

section. Here the procedure for pentesting:

$$ Clear the file as needed.

$$ echo $">/$var$/$www$/$WebServer$/$com$.$html

$$ Add contents to the comment field to see if it bypasses the control.

$$

$$ View the page source to determine what did or did not get injected.

$$ Repeat the process outlined above$\mathrm{.}8$ Execute the following command to open the successful

login page.

support@Web: $ sudo nano $-$c

$/$var$/$www$/$WebServer$/$login$\_$success.php

Processing triggers for libc$-$bin $...$

ldconfig deferred processing now taking place

support@Web: $$; sudo nano $-$c $/$var$/$www$/$WebServer$/$login$\_$success.php

$9$ Scroll down to lines $20$ and $21$ and wrap

$$\_$POST$[\text{'}$comment$\text{'}]$ functions with addslashes$().$

if $($$$\_$PQST$)\{$

$name $=$ addslashes$($$$\_$POST$[\text{'}$name$\text{'}])$;

$comment $=$ addslashes$($$$\_$POST$[\text{'}$comment$\text{'}])$;

$(1$if $($$$\_$POST$)\{$

$name $=$ addslashes$($$$\_$POST$[\text{'}$name$\text{'}])$;

$comment $=$ addslashes$($$$\_$POST$[\text{'}$comment$\text{'}])$;