Fix the BUG. how can I fix this bug with two php files: 1.php& lt ;? Php & nbsp; echo & nbsp; '1 ';? & Gt; 2.php& lt ;? Php & nbsp; echo & nbsp; '2 ';? & Gt; enter http: // localhost/1.php/ in the browser to fix the BUG. how can I fix the bug?
There are 2 php files
1. php
Echo '1 ';
?>
2. php
Echo '2 ';
?>
Input in the browser
Http: // localhost/1.php/ 2.php
Output 1
In order to save trouble, I want to directly prompt that the browser address is invalid. what should I do?
Share To: 2.php Enter http: // localhost/1.php/ 2. ph... 'data-pics = ''>
------ Solution --------------------
However, http: // localhost/1.php/ 2.php is not illegal. why is it illegal?
The/2.php file is saved in the $ _ SERVER ['path _ info'] variable.
------ Solution --------------------
As mentioned above, it is not illegal. However, it is quite easy to implement. get the input url, intercept the file name, and make a simple judgment.
$ Url = "http: // localhost/1.php/ 2.php ";
$ Filename = basename ($ url );
If ($ filename! = "1.php "){
Echo "script" alert ('invalid address '); script ";
}
------ Solution --------------------
It is not clear what is used. it is recommended to create an anti-hop wall, with a single portal
PS: Close, score too low
------ Solution --------------------
How to verify if website is vulnerable?
If, for example, you use http://www.example.com/admin/ URL to access store admin, try to open http://www.example.com/admin/orders.php/login.php. If you will not see login screen you are in danger!
How can I verify that a website is vulnerable?
If, for example, you use. If you do not see the logon screen, you are in danger!
What I see is:
Am I in danger?
Joke!
