Home >Backend Development >PHP Tutorial >Remember an attack on PHP chat room_PHP tutorial
Netizen "Xiao Hao" gave me a chat room IP and asked me to check it out. I originally wanted to hack into its server, but I probably didn't have the technology to do it. I tried it for more than ten minutes, but I still couldn't get in. So, I wanted to find out what bugs there were in this chat room. It can be seen that the chat room is built using PHP+MySQL. The columns include: user registration, forgotten password, modification of information, user suicide, chat list, chat description, and refresh list. Then came the chat.
I randomly registered a user name. According to my preferences, I like to open the xxxxxx user. In this way, I registered a user with xxxxxx. Log in.
Where to start? I think it's better to check the modified information first. Generally, there are loopholes in chat rooms. Click to modify the information, and then you will enter the next screen, where you need to enter your username and secret. After entering, the next step is to modify the data. YES! There is a user nickname in the data modification, which is actually the user name. Check the source file immediately and see the following HMTL statement:
====================== ===========================cut============