´ÓphpÏòJavaScript±äÁ¿´«Öµ
<?php
$conn = "what's the fucking";
?>
<mce:script type="text/javascript"><!--
var innn = "<?php echo $conn ?>";
document.write(innn);
// --></mce:script>
phpºÍJavaScriptµÄ±äÁ¿²»ÄÜͨÓ㬵«µ±ÎÒÃÇÐèÒªÔÚÒ»¸öÒ³ÃæʹÓÃͬһ¸ö±äÁ¿Ê±£¬¿ÉÒÔÔÚJavaScriptÀïǶÈëphp´úÂëʵÏÖ¡£
Ïà¹ØÎĵµ£º
ËùÐèÈí¼þ£¨×¢Òâ°æ±¾£¡£©£º
Apache2.2.3
PHP5.1.5
MySQL5.0.24
ÕâÈý¸öÈí¼þ¶¼ÊÇÃâ·ÑµÄ£¬¿É´Ó¹ÙÍøÉÏÏÂÔØ£¬Ä¿Ç°ÎÒËùÓеÄÈí¼þÃûΪ£º
apache_2.2.3-win32-x86-no_ssl.msi
mysql-5.0.24-win32.zip
php-5.1.5-Win32.zip
»ùÓÚwindows²Ù×÷ϵͳ£¬ÔÚWindows XPÏ°²×°Ê¹Óãº
1¡¢°²×°¹ý³Ì£º
Ê×ÏÈ°²×°Apache·þÎñÆ÷£¬Ë«»÷apa ......
1¡¢PHP4ÒÔºó»ñÈ¡´«ÖµµÄ·½·¨
Ò»°ãÔÚÒ³ÃæÖд«Öµ³£¼ûµÄÊÇPOST¡¢GETºÍCOOKIE¼¸ÖÖ£¬ËùÒÔÏÂÃæÎÒÒ²Ö÷Òª½éÉÜÕ⼸ÖÖ¡£PHP4ÒԺ󶼲ÉÓõÄÊÇ$_POST¡¢$_GETµÈÊý×éÀ´»ñÈ¡ÍøÒ³´«Öµ¡£ÔÚPHP3.0¼°ÒÔÏ°汾¶¼ÊÇÓõÄÊÇ$HTTP_POST_VARS¡¢$HTTP_GET_VARSµÈÊý×飬¾ßÌå´úÂëÈçÏÂ
echo $_POST['dopost'];
?>
< form action="weste_net.php" ......
¶ÔÓڽű¾°²È«Õâ¸ö»°ÌâºÃÏñÓÀԶûÍêûÁË£¬Èç¹ûÄã¾³£µ½¹úÍâµÄ¸÷ÖÖ¸÷ÑùµÄbugtraqÉÏ£¬Äã»á·¢ÏÖÓÐÒ»°ëÒÔÉ϶¼ºÍ½Å±¾Ïà¹Ø£¬ÖîÈçSQL
injection£¬XSS£¬Path Disclosure£¬Remote commands executionÕâÑùµÄ×ÖÑ۱ȱȽÔÊÇ£¬ÎÒÃÇ¿´ÁËÖ®ºóµÄÓÃ;ÄѵÀ½ö½öÊÇ×¥È⼦?¶ÔÓÚÎÒÃÇÏë×öweb°²È«µÄÈËÀ´Ëµ£¬×îºÃ¾ÍÊÇÄÃÀ´Ñ§Ï°
£¬¿ÉÊÇÍòÎï×¥¸ùÔ´£¬ÎÒà ......
ҪʹÄúµÄFCKeditorÄܹ»Ê¹ÓÃÉÏ´«¹¦ÄÜ£¬Äú±ØÐë½øÐÐÒÔÏÂÅäÖÆ¡£
×¢Ò⣺FCKeditor²»Ö§³ÖÐéÄâĿ¼£¬ÄúµÄ·¾¶ÉèÖö¼ÊÇÕë¶ÔÍøÕ¾¸ùĿ¼µÄ¾ø¶Ô·¾¶¶øÑԵġ£Õâµã¶ÔÓÚ·¢²¼µ½Ô¶³ÌÍøվĿ¼µÄ¿ª·¢Õß¼«Îª²»±ã£¬ºóÃæÎÒÃÇ»á¶Ô´Ë½øÐÐÌÖÂÛ¡£
Ò»¡¢´ò¿ªfckeditor\editor\filemanager\upload\php\config.php£¬ÕÒµ½´úÂë$Config['Enabled']£¬½«Öµ ......
