Since the program is open source, I downloaded it and read through the code. The developers did have some security awareness: there is an anti-injection routine.

Anti-injection code:

```php
// Illegal strings to filter out (each entry is a PCRE pattern, case-insensitive)
$ArrFiltrate = array(
    "#union#i",
    "#<script#i",
    "#/script>#i",
    "#select#i",
    "#alert#i",
    "#javascript#i",
    "#<table#i",
    "#<td#i",
    "#\\\"#i",
    "#\\\'#i",
    "#delete#i",
    "#vbscript#i",
    "#applet#i",
    "#frame#i",
    "#<div#i",
    "#update#i",
    "#\'#i",
    "#union #i",
    "#select #i",
    "#delete #i",
    "#update #i",
    "#and #i",
    "#;#i",
    "#update#i"
);
$replacements = '';

// Recursively strips every matching pattern from a request array in place
function FunStringExist(&$array, $ArrFiltrate, $replacements)
{
    if (is_array($array)) {
        foreach ($array as $key => $value) {
            if (is_array($value)) {
                FunStringExist($array[$key], $ArrFiltrate, $replacements);
            } else {
                $array[$key] = preg_replace($ArrFiltrate, $replacements, $value);
            }
        }
    }
}
FunStringExist($_GET, $ArrFiltrate, $replacements);
FunStringExist($_POST, $ArrFiltrate, $replacements);
```

This code is still flawed: it only filters $_GET and $_POST, so we only need to find the places that read from $_REQUEST. In addition, another file does not include the anti-injection routine at all, which leads to a string-based SQL injection (the quote character reaches the query), although it is affected by magic_quotes_gpc.

The file in question:

```php
header("Content-Type:text/html;charset=utf-8");
include "../comm/config.php";
$uname = trim($_GET["name"]);
if ($uname == '') {
    echo "true";
} else {
    $con = @mysql_connect("$dbserver", "$dbuser", "$dbpass") or die(ERR_DB);
    mysql_select_db("$dbname", $con) or die("can not choose the dbname!");
    // $uname is concatenated straight into the SQL string without any filtering
    $query = "select * from " . $BIAOTOU . "user where ddusername='" . $uname . "'";
    mysql_query("set names utf8");
    $res = mysql_query($query);
    if (mysql_num_rows($res) != 0) {
        echo "true";
    } else {
        echo "false";
    }
}
```

First register a user so that the program's check can pass. Then:

ckuser.php?name=maxadd' and 1=1 and ''=' returns true

ckuser.php?name=maxadd' and 1=2 and ''=' returns false
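The fix for this endpoint is not a longer blacklist but a prepared statement, so the username is bound as data and never becomes part of the SQL text. The following hardened rewrite of the user-existence check is an added example, not the project's code; it assumes the same config.php variables ($dbserver, $dbuser, $dbpass, $dbname, $BIAOTOU) and keeps the same true/false response contract.

```php
<?php
// Hardened user-existence check (added example, not the project's own code).
// Assumes config.php still defines $dbserver, $dbuser, $dbpass, $dbname, $BIAOTOU.
header("Content-Type:text/html;charset=utf-8");
include "../comm/config.php";

$uname = trim($_GET["name"] ?? '');
if ($uname === '') {
    echo "true";
    exit;
}

try {
    // Charset in the DSN so the driver and server agree on the encoding the
    // bound parameter is sent in; "set names" alone does not inform the driver.
    $pdo = new PDO(
        "mysql:host=$dbserver;dbname=$dbname;charset=utf8mb4",
        $dbuser,
        $dbpass,
        [
            PDO::ATTR_ERRMODE          => PDO::ERRMODE_EXCEPTION,
            PDO::ATTR_EMULATE_PREPARES => false, // real server-side prepared statements
        ]
    );
} catch (PDOException $e) {
    // Never echo driver errors to the client; log server-side instead.
    http_response_code(500);
    exit;
}

// Identifiers cannot be bound as parameters, so the table prefix from config
// is checked against a strict allowlist before it is interpolated.
if (!preg_match('/^[A-Za-z0-9_]+$/', $BIAOTOU)) {
    http_response_code(500);
    exit;
}

// The username is a bound parameter: quotes, "and", "union" and so on are
// data, never SQL, so the true/false oracle shown above no longer exists.
$stmt = $pdo->prepare("SELECT 1 FROM {$BIAOTOU}user WHERE ddusername = ? LIMIT 1");
$stmt->execute([$uname]);

echo $stmt->fetchColumn() !== false ? "true" : "false";
```

With this change the blacklist routine becomes defence in depth rather than the only barrier, and a file that forgets to include it no longer becomes an injection point.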