Home > Article > Backend Development > 关于php漏洞

关于php漏洞

WBOYOriginal: 2016-06-23 14:33:11823browse

对于字符型注入是php比较麻烦的问题。因为safe_mode为On的时候会过滤'为\'

众所周知，\的编码是%5c

如果前面加个%d5的话，就和%5c构成一个汉字：诚

这样就可以很好的进入查询系统：

%d5%5c

注入形式为：

target.php?name=aa

测试：

target.php?name=aa%d5'

Statement：

The content of this article is voluntarily contributed by netizens, and the copyright belongs to the original author. This site does not assume corresponding legal responsibility. If you find any content suspected of plagiarism or infringement, please contact admin@php.cn

Previous article：PHP die(message) 函数Next article：PDT + Xdebug 调试 PHP

See more

How to use cURL to implement Get and Post requests in PHP
How to use cURL to implement Get and Post requests in PHP
How to use cURL to implement Get and Post requests in PHP
How to use cURL to implement Get and Post requests in PHP
All expression symbols in regular expressions (summary)

关于php漏洞

Related articles