Home >Backend Development >PHP Tutorial >A brief discussion on the vulnerabilities and countermeasures of PHPWEB finished website_PHP Tutorial
Aluminum cutting machine I made a finished PHP website some time ago. The source code is the kind of source code that cost 10 yuan to package and buy hundreds of sets. However, not long after, my website was hacked by others, and I just added a lot of black links, which made Baidu classify my website as a risky website. Later, I checked the loopholes of this website everywhere, and found out that this website has two major loopholes:
The first point: that is, after the website is uploaded, There is install, which is the database setting backend www.xxxx.com/base/install. If you do not delete the files in the root directory of the install file in time after uploading, hackers can start from this place to hack your website;
Second point: That is the problem of website backend permissions. This is the most common problem of this finished website. That is, the backend login address is www.xxxx.com/admin. Although you have set the login name and password, you only need to set the login name and password. Enter both username and password: admin 'or '1'='1. 80% of this website can be entered. If you don't believe it, you can try it. Then after others enter, they can change everything to their own. I suffered a loss in this regard, and the countermeasure (I am a novice) is to change the backend login address to be more complicated, so that others cannot guess what backend address you set.
Aluminum cutting machine