PHP header() usage problems caused by WebInspect attacks
Our latest project came under severe attack from the test group, which exposed many problems. One of them left a deep impression!
The WebInspect scanning tool was used in the test to scan the entire website, including the back end. As a result, a large amount of junk data was injected into our database and the original data was modified. In short, it was terrible!
Later, we found that the problem was in a simple method that checks whether the user is logged in to the back end: when determining whether the user was logged in, we used PHP header() to redirect the page, but execution did not exit after the call. In this case the page is redirected, but the code below header() is still executed.
The following is a summary of notes on using PHP header():
1. There must be no space between Location and the colon (:). Otherwise, an error will occur.
2. There must be no output before header() is called.
3. The PHP code after header() is still executed. Remember to add exit() or die() to stop execution.
In addition, pay attention to the security of the back-end login address, so that it is not easy for others to guess!
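Note 3 in practice, as an added example that is not the original site's code: the guard functions, the /admin/login.php path and the article data are hypothetical, and an array stands in for the database.

```php
<?php
declare(strict_types=1);

// Added example; function names, paths and data are hypothetical.
ob_start(); // note 2: buffer output so header() is never called after output

// Vulnerable guard: sends the redirect header but returns to the caller.
function requireLoginVulnerable(array $session): void
{
    if (empty($session['admin_id'])) {
        header('Location: /admin/login.php');
        // no exit here, so the page below keeps running
    }
}

// Fixed guard (note 3): stop the script right after the redirect.
function requireLogin(array $session): void
{
    if (empty($session['admin_id'])) {
        header('Location: /admin/login.php', true, 302);
        exit;
    }
}

// Stand-in for a back-end page action that modifies stored data.
function deleteArticle(array &$articles, int $id): void
{
    unset($articles[$id]);
}

// Constructed data: two articles and a request that carries no login session.
$articles = [1 => 'first post', 2 => 'second post'];
$session  = [];
$request  = ['id' => '1'];

// Shutdown functions run even after exit, so the final state is always reported.
register_shutdown_function(function () use (&$articles): void {
    echo 'articles left at shutdown: ', count($articles), "\n";
});

requireLoginVulnerable($session);
deleteArticle($articles, (int) $request['id']); // still executed despite the redirect
echo 'after vulnerable guard: ', count($articles), " article(s)\n";

requireLogin($session);
deleteArticle($articles, 2); // never reached: the fixed guard has exited
echo "this line is never printed\n";
```

Run it with the php command-line binary: the first guard lets the delete through even though a redirect header was set, while the second stops the script before the delete is reached.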