Examples of vulnerable PHP code? [closed]

前端未结

关注

 16  1681

盖世英雄少女心

相关标签:

16条回答

借酒劲吻你

2020-12-04 11:14

Check out the Open Web Application Security Project. They have explanations and examples of lots of different kinds of attacks. http://www.owasp.org/index.php/Category:Attack

0 讨论(0)
发布评论:

提交评论
- 加载中...

有刺的猬

2020-12-04 11:15

Another example of a sql-injection-vulnerable login script. This is unfortunately very common among new programmers.

$username = $_POST["username"];
$password = $_POST["password"];
$query = "SELECT username, password 
          FROM users 
          WHERE (username = '{$username}') 
            AND (password = '{$password}')";

0 讨论(0)

甜味超标

2020-12-04 11:17
A really common beginner's mistake is forget to terminate script execution after a redirect.
```
<?php
if ($_SESSION['user_logged_in'] !== true) {
    header('Location: /login.php');
}

omg_important_private_functionality_here();
```
The solution:
```
if ($_SESSION['user_logged_in'] !== true) {
    header('Location: /login.php');
    exit();
}
```
This can be missed when testing in a normal browser, because browsers usually follow the Location header without rendering any of the output of the script.
0 讨论(0)
发布评论:

提交评论
- 加载中...

栀梦

2020-12-04 11:19

The WRONG way to do templates.

<?php

  include("header.php");
  include($_GET["source"]); //http://www.mysite.com/page.php?source=index.php
  include("footer.php");

?>

0 讨论(0)

上一页 1 2 3

热议问题