
PHP study notes

1. The difference between $_SERVER['SCRIPT_NAME'], $_SERVER['PHP_SELF'] and $_SERVER['REQUEST_URI']
Example: http://localhost/phpwind75/test.php/%22%3E%3Cscript%3Ealert('xss')%3C/script%3E%3Cfoo
$_SERVER['SCRIPT_NAME'] returns only the script name and not the parameter data; the output is: test.php;
$_SERVER['PHP_SELF'] returns the script name together with the parameter data, after applying one urldecode to that data, which makes it an easy cross-site scripting (XSS) vector; the output is:
"><script>alert('xss')</script><foo
$_SERVER['REQUEST_URI'] returns the script name together with the raw (still URL-encoded) parameter data; the result is:
test.php/%22%3E%3Cscript%3Ealert('xss')%3C/script%3E%3Cfoo
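An added example (not part of the original notes) showing why echoing $_SERVER['PHP_SELF'] unescaped into a form action reflects the decoded path data from the request above, and the two usual fixes: escape with htmlspecialchars(), or build the action from $_SERVER['SCRIPT_NAME']. The $_SERVER values are constructed inline to mimic that request, since the CLI does not populate them this way.

```php
<?php
// Constructed $_SERVER values mimicking the request from the notes above.
$_SERVER['SCRIPT_NAME'] = '/phpwind75/test.php';
$_SERVER['PHP_SELF']    = '/phpwind75/test.php/"><script>alert(\'xss\')</script><foo';
$_SERVER['REQUEST_URI'] = '/phpwind75/test.php/%22%3E%3Cscript%3Ealert(\'xss\')%3C/script%3E%3Cfoo';

// Vulnerable pattern: the decoded, attacker-controlled PHP_SELF lands in an
// HTML attribute unchanged, so the "> in it closes the tag and the script runs.
function form_action_unsafe(): string {
    return '<form action="' . $_SERVER['PHP_SELF'] . '" method="post">';
}

// Fix 1: escape request-derived data before it reaches HTML. ENT_QUOTES also
// converts single quotes, which matters inside attributes.
function form_action_escaped(): string {
    $self = htmlspecialchars($_SERVER['PHP_SELF'], ENT_QUOTES, 'UTF-8');
    return '<form action="' . $self . '" method="post">';
}

// Fix 2: SCRIPT_NAME carries only the script path, never the trailing path
// data. It is still escaped, because every request-derived value should be.
function form_action_script_name(): string {
    $self = htmlspecialchars($_SERVER['SCRIPT_NAME'], ENT_QUOTES, 'UTF-8');
    return '<form action="' . $self . '" method="post">';
}

foreach (['form_action_unsafe', 'form_action_escaped', 'form_action_script_name'] as $fn) {
    echo $fn, ":\n  ", $fn(), "\n";
}
```

Only the first line of output contains a live <script> tag; the other two keep the payload as inert text or drop it entirely.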
2. The difference between urldecode and rawurldecode
urldecode decodes "+" as " " (a space), while rawurldecode does not.
3. Precedence of && and ||
&& has higher precedence than ||.
4. Global variables
Within the same file (global scope), $a = $GLOBALS['a'];
Inside a function, to reference a global variable you must declare it with global $a; otherwise $a is only a local variable.
For example:
<?php
global $a;          // no effect at file scope: $a is already global
$a = 2;
function test() {
    echo $a;        // $a here is an undeclared local variable, so nothing is printed
}                   // (PHP also raises an "Undefined variable" notice/warning)
test();

This prints nothing (the result is empty),
whereas
<?php
global $a;
$a = 2;

function test() {
    global $a;      // binds the local name $a to the global $a
    echo $a;
}

test();

This prints: 2,
and if $GLOBALS['a'] is used instead, the result is also 2:
<?php
global $a;
$a = 2;

function test() {
    echo $GLOBALS['a'];   // the key must be quoted; a bare a would be an undefined constant
}

test();

