1. Transit procedure Include.inc
Include_once ' include/base.php ';
$path = ";
$url = isbase::d ecrypt (UrlDecode ($_server[' query_string '));
Parse_str ($url); Gets the variable passed over the URL address get
if (!empty ($_post[' path ')) {//Gets the variable passed by POST
$path = $_post[' path '];
$path = isbase::d ecrypt (UrlDecode ($path));
}
Parse the real path
if (empty ($path)) {
Header ("Location:login.php");
Exit
}
if (!preg_match ("/(^http:/) | ( [?| &|=])/", $path)) {
Jump to the path of the actual execution file
ChDir (DirName ($path));
Include_once basename ($path);
Exit
}
?>
index.php and include.inc the same directory
Include Include.inc;
?>
2. Modify the link in the program ()
"Index.php?". Encrypt ("path=/test/test.php&test=123&test2=4321")
3. Modify the Post form in the program
The form is submitted to index.php
Add a hidden form in the middle
4. Modify the path of the front-end HTML page
Baseref=/test
5. The add and decrypt functions are provided by themselves
Summary:
This method is cumbersome, can only hide the path of the background script, the front-end script path can still be seen in the source file (Baseref)
in the address bar see the address is index.php?xxxxxxxx
http://www.bkjia.com/phpjc/629785.html www.bkjia.com true http://www.bkjia.com/phpjc/629785.html techarticle 1. Transit program Include.inc? Include_ Once ' include/base.php '; $path = "; $url = isbase::d ecrypt (UrlDecode ($_server[' query_string ')); Parse_str ($url); Get passed by URL address get ...
