Inject pseudo-static websites

Source: Internet
Author: User
Tags website injection

Inject pseudo-static websites

As for the pseudo-static website injection method, laruence literacy comes. Generally, the url of the dynamic script website is similar to the following:

Http:// Id = 111

This is what happens after pseudo-static operations.


The slash "/slash is used to replace the cookie injection and add .html at the bottom. As a result, tools cannot be directly used for injection. Now we will discuss how to use tools for injection. We all know that cookies are being injected, in fact, the principle is similar. We write a dynamic web page script, construct our own url rules, and access the target page through this page!

That is, we change the pseudo-static url rule back to the original? Id = 123 to form a common url that can be easily injected.

Okay, try it out! I set up a simple injection point using thikphp locally, because thinkphp comes with simple pseudo-static, which is more convenient for demonstration.

The SQL statement for this injection point is as follows: the id for receiving get

SELECT account AS username, password FROM think_user WHERE id = 1

The page url is as follows:


Change the value by 111 to inject!

If I am familiar with php, use php to write an injection transit page.

Source code of the tmd. php transit page:

set_time_limit(0);$id=$_GET[“id”];$id=str_replace(” “,”%20″,$id);$id=str_replace(“=”,”%3D”,$id);//$url = “$id.html“;$url = “$id.html“;//echo $url; $ch = curl_init();curl_setopt($ch, CURLOPT_URL, “$url”);curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);curl_setopt($ch, CURLOPT_HEADER, 0); $output = curl_exec($ch);curl_close($ch);print_r($output);

Save this file as tmd. php. the url of this file is as follows:


Place the $ id generated for injection at the specified location based on the pseudo-static rules on the target page. As shown above.

The principle is to use curl to obtain the content of the target page (similar to accessing the target page directly). You only need to modify the content of $ url to adapt to various pseudo-static rules.

The script is relatively simple. If you have children's shoes, you can add post, proxy, referer, and other functions as needed.

Are we visiting now? Id = 1, 111,

That is equivalent to accessing,

Now we can take Id = 111 the connection is injected into the tool.

Related Article

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.