Fuck, fix the bug, how do I fix this bug
There are 2 PHP files
1.php
<?php
echo ' 1 ';
?>
2.php
<?php
echo ' 2 ';
?>
Entering this in the browser:
http://localhost/1.php/2.php
will output 1.
To save trouble, I would like to directly report that the browser address is illegal. How do I do that?
------Solution--------------------
But http://localhost/1.php/2.php is not illegal, so why should it be reported as illegal?
The /2.php part will be stored in the $_SERVER['PATH_INFO'] variable
------Solution--------------------
As the poster above said, it is not illegal. However, it is easy to implement: get the input URL, extract the file name, and make a simple check
$url = "http://localhost/1.php/2.php";
// basename() returns the last path segment of the URL
$filename = basename($url);
if ($filename != "1.php") {
    echo "";
}
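Added example, not part of the original thread: a PHP guard that does what the question asks by rejecting any request that has a path appended after the script name. The function names `extra_path` and `reject_extra_path` and the sample arrays are assumptions made for illustration; the demo also prints why `basename()` on `PHP_SELF` names the trailing segment rather than the script that actually runs.

```php
<?php
// Added example (not from the thread). Detects trailing path data after the
// script name, as in /1.php/2.php, using the server variables PHP provides.

// Returns the extra path appended after the executing script, or '' if none.
// $server is normally $_SERVER; it is a parameter so constructed arrays work too.
function extra_path(array $server): string
{
    // PATH_INFO is filled in when the URL continues past the script file.
    if (!empty($server['PATH_INFO'])) {
        return $server['PATH_INFO'];
    }
    // Fallback: PHP_SELF includes the trailing part, SCRIPT_NAME does not.
    $self   = $server['PHP_SELF'] ?? '';
    $script = $server['SCRIPT_NAME'] ?? '';
    if ($script !== '' && strpos($self, $script) === 0) {
        return substr($self, strlen($script));
    }
    return '';
}

// Call as reject_extra_path($_SERVER) at the top of a script, or in the
// single entry point, before any other logic runs.
function reject_extra_path(array $server): void
{
    if (extra_path($server) !== '') {
        http_response_code(404);
        exit('Illegal address');
    }
}

// Demo with constructed values mirroring the request in the question.
if (PHP_SAPI === 'cli') {
    $samples = [
        ['PHP_SELF' => '/1.php', 'SCRIPT_NAME' => '/1.php'],
        ['PHP_SELF' => '/1.php/2.php', 'SCRIPT_NAME' => '/1.php',
         'PATH_INFO' => '/2.php'],
        ['PHP_SELF' => '/1.php/2.php', 'SCRIPT_NAME' => '/1.php'],
    ];
    foreach ($samples as $s) {
        printf("PHP_SELF=%-14s extra=%-8s basename(PHP_SELF)=%-6s runs=%s\n",
            $s['PHP_SELF'],
            var_export(extra_path($s), true),
            basename($s['PHP_SELF']),
            basename($s['SCRIPT_NAME']));
    }
}
```

Any check that decides which page is being served should compare against `SCRIPT_NAME`, since that is the file the server executes.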
------Solution--------------------
I do not know what this is for, but it is recommended to guard against bypassing and to route everything through a single entry point
PS: Pro, the points are too low
------Solution--------------------
How to verify if a website is vulnerable?
If, for example, you use the http://www.example.com/admin/ URL to access the store admin, try to open http://www.example.com/admin/orders.php/login.php. If you don't see the login screen, you are in danger!
And what I see is
I'm in danger?
Joke!