Anemone95 / anemone95.github.io

http://anemone.top/

Dangerous Functions and Pseudo-Protocols in PHP | Anemone's Blog #48

Open Anemone95 opened 5 years ago

Anemone95 commented 5 years ago

http://anemone.top/php-PHP%E4%B8%AD%E7%9A%84%E5%8D%B1%E9%99%A9%E5%87%BD%E6%95%B0%E5%92%8C%E4%BC%AA%E5%8D%8F%E8%AE%AE/

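A review of common dangerous functions in PHP:

File reading

file_get_contents(): this function can read other protocols, which can lead to SSRF

    // $src comes straight from the query string and is used as-is
    $src = $_GET['src'];
    $homepage = file_get_contents($src);
    echo $homepage;

highlight_file(): displays a file's contents with syntax highlighting

show_source(): an alias of highlight_file()

fopen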
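A hardened counterpart to the file_get_contents() snippet above, as an added example that is not part of the original post: the URL is validated against a scheme and host allowlist before it reaches file_get_contents(), and redirects are disabled. ALLOWED_HOSTS, safe_url(), fetch_remote() and the sample URLs are assumptions made for illustration.

```php
<?php
declare(strict_types=1);

// Added example, not code from the original post. ALLOWED_HOSTS, safe_url()
// and fetch_remote() are hypothetical names chosen for illustration.
const ALLOWED_HOSTS = ['static.example.com'];

function safe_url(string $src): string
{
    $p = parse_url($src);
    if ($p === false) {
        throw new InvalidArgumentException('malformed URL');
    }
    // https only, so file://, php://, data:// and other stream wrappers
    // never reach file_get_contents().
    if (strtolower($p['scheme'] ?? '') !== 'https') {
        throw new InvalidArgumentException('scheme not allowed');
    }
    // Userinfo ("allowed-host@other-host") and explicit ports are refused.
    if (isset($p['user']) || isset($p['pass']) || isset($p['port'])) {
        throw new InvalidArgumentException('userinfo or port not allowed');
    }
    // Exact-match host allowlist, no suffix or substring matching.
    if (!in_array(strtolower($p['host'] ?? ''), ALLOWED_HOSTS, true)) {
        throw new InvalidArgumentException('host not allowed');
    }
    return $src;
}

function fetch_remote(string $src): string
{
    $ctx = stream_context_create(['http' => [
        'follow_location' => 0, // a redirect could point at an internal address
        'timeout'         => 5,
    ]]);
    $body = file_get_contents(safe_url($src), false, $ctx);
    if ($body === false) {
        throw new RuntimeException('fetch failed');
    }
    return $body;
}

// Constructed inputs; only the validator runs, so no network access is needed.
foreach (['https://static.example.com/logo.png', 'file:///etc/passwd',
          'http://localhost/', 'https://static.example.com@localhost/'] as $u) {
    try {
        safe_url($u);
        echo "accept  $u\n";
    } catch (InvalidArgumentException $e) {
        echo "reject  $u ({$e->getMessage()})\n";
    }
}
```

The allowlist assumes the listed hosts resolve only to addresses you intend to reach; if that cannot be guaranteed, the resolved address also has to be checked at connection time.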