phpѧϰ±Ê¼Ç
1¡¢$_SERVER['SCRIPT_NAME']¡¢$_SERVER['PHP_SELF']ºÍ$_SERVER['REQUEST_URI']Çø±ð
Àý×Ó:http://localhost/phpwind75/test.php/%22%3E%3Cscript%3Ealert(’xss’)%3C/script%3E%3Cfoo
$_SERVER['SCRIPT_NAME']Ö»»ñÈ¡½Å±¾Ãû£¬²»»ñÈ¡²ÎÊý,Êä³ö½á¹ûΪ:test.php;
$_SERVER['PHP_SELF']»ñÈ¡½Å±¾Ãûºó£¬Í¬Ê±»ñÈ¡²ÎÊýÊý¾Ý£¬²¢¶Ô²ÎÊýÊý¾Ý½øÐÐÒ»´Îurldecode²Ù×÷£¬Ò׳öÏÖ¿çÕ¾¹¥»÷ÏÖÏó,Êä³ö½á¹ûΪ:
"><script>alert('xss')</script><foo
$_SERVER['REQUEST_URI']»ñÈ¡½Å±¾Ãûºó£¬Í¬Ê±»ñÈ¡²ÎÊýÔʼÊý¾Ý,²Ù×÷½á¹ûΪ£º
test.php/%22%3E%3Cscript%3Ealert(’xss’)%3C/script%3E%3Cfoo
2¡¢urldecodeÓërawurldecodeÇø±ð
urldecode½«"+"½âÎöΪ" ",¶ørawurldecodeÔò²»½âÎö
3¡¢&&Óë||ÓÅÏȼ¶ÎÊÌâ
&&¼¶±ð±È||¸ß
4¡¢È«¾Ö±äÁ¿ÎÊÌâ
Èç¹ûÔÚͬһ¸öÎļþÄÚ$a= $_GLOBALS[a];
ÔÚº¯ÊýÖÐÈç¹ûÒªÒýÓÃÈ«¾Ö±äÁ¿Ôò±ØÐë:global $a;·ñÔòÖ»ÊÇ˽ÓбäÁ¿
ÀýÈ磺
global $a;
$a=2;
function test(){
echo $a;
}
test();
Õâ¸ö½á¹û½«Îª¿Õ
¶ø
global $a;
$a=2;
function test(){
global $a;
echo $a;
}
test();
Õâ¸ö½á¹û½«Îª:2,
Èç¹ûʹÓÃ$_GLOBALS[a]µÄ»°£¬Ôò½á¹ûҲΪ2:
global $a;
$a=2;
function test(){
echo $GLOBALS[a];
}
test();
Ïà¹ØÎĵµ£º
ͨ¹ýħÊÞ¿´PHPÉè¼Æģʽ
Ç°¶Îʱ¼ä¿´µ½ÓÐÈËÓÃħÊÞÀ´½âÊÍÉè¼Æģʽ£¬¸Ð¾õºÜÓÐÒâ˼£¬ÓÚÊÇÎÒ°ÑËü¸ÄÁ˸ģ¬ÓÖÌí¼ÓÁËЩÉè¼ÆģʽÄÚÈÝ£¬½ñÌì·¢³öÀ´¡£ÓÐЩµØ·½½è¼øÁËÇ°È˵ÄÄÚÈÝ£¬Ã»ÓÐ×¢Ã÷£¬ÇëÇ°È˲»Òª¼û¹Ö°¡¡£
ÕâÀïÓôó¼Ò¸ÐÐËȤµÄħÊÞ3À´ÌÖÂÛPHPµÄ¼¸ÖÖ³£¼ûµÄÉè¼Æģʽ£ºµ¥¼þģʽ¡¢²ßÂÔģʽ¡¢¹¤³§Ä£Ê½¡¢¹Û²ìÕßģʽ¡£½ñÌì¾Í½²ÕâËĸö°É£¬Ò ......
1¡¢mysql_connect()-½¨Á¢Êý¾Ý¿âÁ¬½Ó {3RY4H�VT?
¸ñʽ£º Fv n:V\�eb
resource mysql_connect([string hostname [:port] [:/path/to/socket] [, string username] [, string password]]) _I;+p� eq
Àý£º 1(V>8�}zn
$conn = @mysql_connect("localhost", "username", "password") or dir(" ......
1.globalÔÚÕû¸öÒ³ÃæÆð×÷Óá£
2.staticÖ»ÔÚfunctionºÍclassÄÚÆð×÷Óá£
globalºÍ$GLOBALSʹÓûù±¾Ïàͬ£¬µ«ÔÚʵ¼Ê¿ª·¢Öдó²»Ïàͬ¡£
globalÔÚº¯Êý²úÉúÒ»¸öÖ¸Ïòº¯ÊýÍⲿ±äÁ¿µÄ±ðÃû±äÁ¿£¬¶ø²»ÊÇÕæÕýµÄº¯ÊýÍⲿ±äÁ¿£¬Ò»µ«¸Ä±äÁ˱ðÃû±äÁ¿µÄÖ¸ÏòµØÖ·£¬¾Í»á·¢ÉúһЩÒâÁϲ»µ½Çé¿ö£¬ÀýÈçÀý×Ó1.
$GLOBALS[]ȷȷʵʵµ÷ÓÃÊÇÍⲿµÄ±äÁ¿£ ......
