Since the program is open source, I downloaded it and took a look through it. The programmer actually does have some security awareness. The anti-injection code is as follows:

```php
// illegal characters to filter
$ArrFiltrate = array(
    "#union#i", "#<script#i", "#/script>#i", "#select#i", "#alert#i",
    "#javascript#i", "#<table#i", "#<td#i", "#\"#i", "#\'#i", "#delete#i",
    "#vbscript#i", "#applet#i", "#frame#i", "#<div#i", "#update#i", "#'#i",
    "#union #i", "#select #i", "#delete #i", "#update #i", "#and #i", "#;#i",
    "#update#i"
);
$replacements = '';

// Recursively strip every blacklisted pattern from a request array.
function FunStringExist(&$array, $ArrFiltrate, $replacements)
{
    if (is_array($array)) {
        foreach ($array as $key => $value) {
            if (is_array($value)) {
                FunStringExist($array[$key], $ArrFiltrate, $replacements);
            } else {
                $array[$key] = preg_replace($ArrFiltrate, $replacements, $value);
            }
        }
    }
}
FunStringExist($_GET, $ArrFiltrate, $replacements);
FunStringExist($_POST, $ArrFiltrate, $replacements);
```

This code still has flaws: it only filters GET and POST, so we just need to look for places that use REQUEST. Another file does not call the anti-injection program at all, which leads to a string injection (subject to magic_quotes_gpc). The code is as follows:

```php
header("Content-Type:text/html;charset=utf-8");
include "../comm/config.php";
$uname = trim($_GET["name"]);
if ($uname == '') {
    echo "true";
} else {
    $con = @mysql_connect("$dbserver", "$dbuser", "$dbpass") or die(ERR_DB);
    mysql_select_db("$dbname", $con) or die("can not choose the dbname!");
    // the username is concatenated straight into the query
    $query = "select * from " . $BIAOTOU . "user where ddusername='" . $uname . "'";
    mysql_query("set names utf8");
    $res = mysql_query($query);
    if (mysql_num_rows($res) != 0) {
        echo "true";
    } else {
        echo "false";
    }
}
```

First register a user so the program can pass the check.

ckuser.php?name=maxadd' and 1=1 and ''=' returns true

ckuser.php?name=maxadd' and 1=2 and ''=' returns false
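The fix for ckuser.php is not a longer blacklist but a parameterised query. The following is an added example, not the project's own code: it assumes config.php defines $dbserver, $dbuser, $dbpass, $dbname and $BIAOTOU exactly as the original does, and it keeps the same true/false response so the front end needs no change.

```php
<?php
// Added example (not from the project): hardened ckuser.php using PDO prepared
// statements. Assumes ../comm/config.php sets $dbserver, $dbuser, $dbpass,
// $dbname and the table prefix $BIAOTOU, as in the original file.
header("Content-Type:text/html;charset=utf-8");
include "../comm/config.php";

// Return true when a user with this exact name exists. The name is bound as a
// parameter, so quotes, "and", "union" etc. in it are data, not SQL.
function userExists(PDO $db, string $prefix, string $uname): bool
{
    // Identifiers cannot be bound; the prefix comes from config, but whitelist
    // it anyway so a bad config value cannot turn into SQL.
    if (!preg_match('/^[A-Za-z0-9_]*$/', $prefix)) {
        throw new InvalidArgumentException('untrusted table prefix');
    }
    $stmt = $db->prepare("SELECT 1 FROM {$prefix}user WHERE ddusername = ? LIMIT 1");
    $stmt->execute([$uname]);
    return $stmt->fetchColumn() !== false;
}

$uname = trim($_GET["name"] ?? '');
if ($uname === '') {
    echo "true";
    exit;
}

try {
    $db = new PDO(
        "mysql:host=$dbserver;dbname=$dbname;charset=utf8",
        $dbuser,
        $dbpass,
        [
            PDO::ATTR_ERRMODE          => PDO::ERRMODE_EXCEPTION,
            PDO::ATTR_EMULATE_PREPARES => false, // server-side prepares
        ]
    );
    echo userExists($db, $BIAOTOU, $uname) ? "true" : "false";
} catch (PDOException $e) {
    // Do not echo $e->getMessage(): it leaks schema details to the caller.
    echo "false";
}
```

With the value bound, name=maxadd' and 1=1 and ''=' is looked up literally and returns false, and the blacklist (which also mangles legitimate input such as "brand new") is no longer load-bearing.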