Compile a stealth Web program (taking PHP as an example ). This year, I have been writing a lot of things without motivation. you can see it. Basically, the CGI scanner (this includes the vast majority of SQL injection detection tools and the background Upload database scanner) it's been hard to write things over the past year. you can see it.
Basically, CGI scanners (this includes the vast majority of SQL injection detection tools, background/upload/database scanners)
All of them are determined by judging the HTTP response message code, that is, 200,404,400, and I believe I don't need to talk about HTTP here.
When the default browser encounters 40x or 50x, it will give you a default error page, but after "show Friendly HTTP error message" (IE) is canceled, the information in these error messages will be displayed (so there is no difference with the normal page ).
In this way, you can use the PHP header function to perform a trick:
Ob_start ();
Header ("HTTP/1.1 404 Not Found ");
?>
Sample
This is just a sample, created by fragment er!
I don't know if anyone has mentioned this before. I think it can be used to hide some background pages or backdoors.
(Remember to cancel "show Friendly HTTP error message", in IE)
Hey, cool, let's take a look at this stuff. basically, CGI scanners (this includes the vast majority of SQL injection detection tools, background/upload/database scanners) all...