{"id":26703,"date":"2020-02-02T17:08:20","date_gmt":"2020-02-02T09:08:20","guid":{"rendered":"http:\/\/4563.org\/?p=26703"},"modified":"2020-02-02T17:08:20","modified_gmt":"2020-02-02T09:08:20","slug":"%e3%80%90%e4%b8%8d%e6%87%82%e5%b0%b1%e8%a6%81%e9%97%ae%e3%80%91%e5%85%b3%e4%ba%8e-php-%e6%88%91%e8%af%a5%e5%ad%a6%e5%93%aa%e4%b8%aa%e7%ab%a0%e8%8a%82","status":"publish","type":"post","link":"http:\/\/4563.org\/?p=26703","title":{"rendered":"\u3010\u4e0d\u61c2\u5c31\u8981\u95ee\u3011\u5173\u4e8e PHP \u6211\u8be5\u5b66\u54ea\u4e2a\u7ae0\u8282"},"content":{"rendered":"\n<p>  \t\t\t\t\t<strong>imsun<\/strong>  \t\t\t\t\u5927\u4f6c\u6709\u8bdd\u8bf4 : 2019-12-27 11:49:38\t<\/p>\n<h3>\u3010\u4e0d\u61c2\u5c31\u8981\u95ee\u3011\u5173\u4e8e PHP \u6211\u8be5\u5b66\u54ea\u4e2a\u7ae0\u8282<\/h3>\n<p>  \t\t\u6211\u60f3\u505a\u4e00\u4e2a&nbsp; &nbsp;<\/p>\n<p>  .com\/go.php?id=123<\/p>\n<p>  \u5f53 id \u6ca1\u6709\u503c\u6216\u8005\u4e3a\u7a7a\u7684\u8bdd\uff0c\u663e\u793a\u5185\u5bb9 A<br \/>  \u5f53 id \u6709\u503c\u7684\u8bdd \uff0c\u663e\u793a\u5185\u5bb9 B<\/p>\n<p>  \u672c\u8eab\u57fa\u7840\u7684\u770b\u5f97\u61c2\u4e00\u4e9b\u3002<\/p>\n<p>  \u6211\u5e94\u8be5\u5b66 PHP \u6559\u7a0b\u54ea\u4e2a\u7ae0\u8282\uff0c\u6c42\u5927\u4f6c\u6307\u8def\u3002  \t\t\t\t<\/p>\n<p>  \t\t\t\t\t<strong>\u80d6\u80d6\u732a<\/strong>  \t\t\t\t\u5927\u4f6c\u6709\u8bdd\u8bf4 : 2019-12-27 12:01:55\t<\/p>\n<h3><\/h3>\n<p>  \t\t$id = empty($_GET[&#8216;id&#8217;])?:exit(&#8216;\u62a5\u9519 \u53c2\u6570id\u9519\u8bef&#8217;);\/\/url\u6709id\u624d\u7ee7\u7eed\u8fd0\u884c<\/p>\n<p>  if(!empty($_GET[&#8216;id&#8217;])){<br \/>  \/\/id\u6709\u5185\u5bb9<br \/>  }else{<br \/>  \/\/id\u6ca1\u5185\u5bb9<br \/>  }  \t\t\t\t<\/p>\n<p>  \t\t\t\t\t<strong>jekyll<\/strong>  \t\t\t\t\u5927\u4f6c\u6709\u8bdd\u8bf4 : 2019-12-27 11:58:58\t<\/p>\n<h3><\/h3>\n<p>  \t\t\u732a\u516b\u621210\u5143\t\t\t\t<\/p>\n<p>  \t\t\t\t\t<strong>\u96e8\u7075<\/strong>  \t\t\t\t\u5927\u4f6c\u6709\u8bdd\u8bf4 : 2019-12-27 12:04:14\t<\/p>\n<h3><\/h3>\n<p>  \t\tif (empty($_GET[&#8216;id&#8217;]) {<br \/>   echo &quot;A&quot;;<br \/>  } else {<br \/>   echo &quot;b&quot;;<br \/>  }\t\t\t\t<\/p>\n<p>  \t\t\t\t\t<strong>dvbhack<\/strong>  \t\t\t\t\u5927\u4f6c\u6709\u8bdd\u8bf4 : 2019-12-27 12:09:34\t<\/p>\n<h3><\/h3>\n<p>  \t\t\u8868\u5355\u5904\u7406\u548c\u9884\u5b9a\u4e49\u53d8\u91cf<\/p>\n<p>  \u56e0\u4e3aurl\u7684query_string\u672c\u8d28\u4e0a\u4e5f\u53ef\u4ee5\u7eb3\u5165\u5230 GET \u8bf7\u6c42\u63d0\u4ea4\u7684\u8868\u5355\u6570\u636e\uff0c\u800c\u5b66\u4e60\u8868\u5355\u5904\u7406\uff0c\u4f60\u5728\u5b66\u4e60\u5904\u7406url\u67e5\u8be2\u53c2\u6570\u7684\u540c\u65f6\u4e5f\u53ef\u4ee5\u628aPOST\u63d0\u4ea4\u7684\u8868\u5355\u5982\u4f55\u5904\u7406\u4e5f\u5b66\u4e60\u4e86\u3002<\/p>\n<p>  \u5728 PHP \u4e2d\uff0c\u83b7\u53d6\u7528\u6237\u63d0\u4ea4\u7684\u6570\u636e\u662f\u653e\u5728\u4e86\u9884\u5b9a\u4e49\u53d8\u91cf\u4e2d\uff0c\u5305\u62ec URL \u67e5\u8be2\u53c2\u6570\uff08$_GET\uff09\u3001POST\u8868\u5355\uff08$_POST\uff09\uff0cCookies\uff08$_COOKIE\uff09\uff0c\u4e0a\u4f20\u6587\u4ef6\uff08$_FILES\uff09<\/p>\n<p>  \u5904\u7406\u7528\u6237\u8f93\u5165\u7684\u6570\u636e\uff0c\u662f web \u5b89\u5168\u4e2d\u6700\u5173\u952e\u7684\u4e00\u73af\uff08XSS\u3001CSRF\u3001SQL\u6ce8\u5165\u90fd\u53ef\u4ee5\u901a\u8fc7\u7528\u6237\u8f93\u5165\u7684\u6570\u636e\u53d1\u8d77\uff09\uff0c\u6240\u4ee5\u4f60\u5fc5\u987b\u8981\u540c\u65f6\u5b66\u4e60\u4e00\u4e0b\u5b89\u5168\u90e8\u5206\u6709\u5173\u7528\u6237\u8f93\u5165\u7684\u5904\u7406\u3002<\/p>\n<p>  PHP \u5b98\u65b9\u4e2d\u6587\u6587\u6863\uff1a<\/p>\n<p>  https:\/\/www.php.net\/manual\/zh\/reserved.variables.php<\/p>\n<p>  https:\/\/www.php.net\/manual\/zh\/security.variables.php\t\t\t  <\/p>\n","protected":false},"excerpt":{"rendered":"<p>imsun \u5927\u4f6c\u6709\u8bdd\u8bf4 : 201&hellip;<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":[],"categories":[],"tags":[],"_links":{"self":[{"href":"http:\/\/4563.org\/index.php?rest_route=\/wp\/v2\/posts\/26703"}],"collection":[{"href":"http:\/\/4563.org\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"http:\/\/4563.org\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"http:\/\/4563.org\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"http:\/\/4563.org\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=26703"}],"version-history":[{"count":0,"href":"http:\/\/4563.org\/index.php?rest_route=\/wp\/v2\/posts\/26703\/revisions"}],"wp:attachment":[{"href":"http:\/\/4563.org\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=26703"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"http:\/\/4563.org\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=26703"},{"taxonomy":"post_tag","embeddable":true,"href":"http:\/\/4563.org\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=26703"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}