´ÓphpÏòJavaScript±äÁ¿´«Öµ
<?php
$conn = "what's the fucking";
?>
<mce:script type="text/javascript"><!--
var innn = "<?php echo $conn ?>";
document.write(innn);
// --></mce:script>
phpºÍJavaScriptµÄ±äÁ¿²»ÄÜͨÓ㬵«µ±ÎÒÃÇÐèÒªÔÚÒ»¸öÒ³ÃæʹÓÃͬһ¸ö±äÁ¿Ê±£¬¿ÉÒÔÔÚJavaScriptÀïǶÈëphp´úÂëʵÏÖ¡£
Ïà¹ØÎĵµ£º
1¡¢PHP4ÒÔºó»ñÈ¡´«ÖµµÄ·½·¨
Ò»°ãÔÚÒ³ÃæÖд«Öµ³£¼ûµÄÊÇPOST¡¢GETºÍCOOKIE¼¸ÖÖ£¬ËùÒÔÏÂÃæÎÒÒ²Ö÷Òª½éÉÜÕ⼸ÖÖ¡£PHP4ÒԺ󶼲ÉÓõÄÊÇ$_POST¡¢$_GETµÈÊý×éÀ´»ñÈ¡ÍøÒ³´«Öµ¡£ÔÚPHP3.0¼°ÒÔÏ°汾¶¼ÊÇÓõÄÊÇ$HTTP_POST_VARS¡¢$HTTP_GET_VARSµÈÊý×飬¾ßÌå´úÂëÈçÏÂ
echo $_POST['dopost'];
?>
< form action="weste_net.php" ......
Php×¢Èë¹¥»÷ÊÇÏÖ½ñ×îÁ÷ÐеĹ¥»÷·½Ê½£¬ÒÀ¿¿ËüÇ¿´óµÄÁé»îÐÔÎüÒýÁ˹ã´óºÚÃÔ¡£
ÔÚÉÏÒ»Æڵġ¶php°²È«Óë×¢ÉäרÌâ¡·ÖÐÁÖ.linxÖ÷Òª½²ÊöÁËphp³ÌÐòµÄ¸÷ÖÖ©¶´£¬Ò²½²µ½ÁËphp£«mysql×¢ÈëµÄÎÊÌ⣬¿ÉÊǽ²µÄ×¢ÈëµÄÎÊÌâ±È½ÏÉÙ£¬ÈÃÎÒÃǸоõûÓо¡ÐËÊÇ°É.
OK,ÕâÒ»ÆÚÎÒ½«¸ø´ó¼Ò»ï×Ð×ÐϸϸµÄ´µÒ»´µphp£«mysql×¢È룬һ¶¨ÈÃÄãÂúÔضø¹éŶ ......
¶ÔÓڽű¾°²È«Õâ¸ö»°ÌâºÃÏñÓÀԶûÍêûÁË£¬Èç¹ûÄã¾³£µ½¹úÍâµÄ¸÷ÖÖ¸÷ÑùµÄbugtraqÉÏ£¬Äã»á·¢ÏÖÓÐÒ»°ëÒÔÉ϶¼ºÍ½Å±¾Ïà¹Ø£¬ÖîÈçSQL
injection£¬XSS£¬Path Disclosure£¬Remote commands executionÕâÑùµÄ×ÖÑ۱ȱȽÔÊÇ£¬ÎÒÃÇ¿´ÁËÖ®ºóµÄÓÃ;ÄѵÀ½ö½öÊÇ×¥È⼦?¶ÔÓÚÎÒÃÇÏë×öweb°²È«µÄÈËÀ´Ëµ£¬×îºÃ¾ÍÊÇÄÃÀ´Ñ§Ï°
£¬¿ÉÊÇÍòÎï×¥¸ùÔ´£¬ÎÒà ......
