简体中文(ZH-CN) English(EN) 繁体中文(ZH-TW) 日本語(JA) 한국어(KO) Melayu(MS) Français(FR) Deutsch(DE)
Home > Backend Development > PHP Tutorial > body text

PHP Security - Backdoor URL

黄舟
Release: 2023-03-05 21:26:02
Original
1832 people have browsed it



Backdoor URL

A backdoor URL refers to a resource that can be accessed directly through the URL without being directly called. For example, the following WEB application may display sensitive information to logged-in users: 

<?php
 
  $authenticated = FALSE;
  $authenticated = check_auth();
 
  /* ... */
 
  if ($authenticated)
  {
      include &#39;./sensitive.php&#39;;
  }
 
  ?>
Copy after login

Since sensitive.php is located in the main directory of the website, the browser can skip the verification mechanism and access the file directly. This is because all files in the main directory of the website have a corresponding URL address. In some cases, these scripts may perform an important operation, which increases the risk.

To prevent backdoor URLs, you need to make sure to save all included files outside of your website's home directory. All files saved in the home directory of the website must be directly accessed through URL.

The above is the content of PHP Security-Backdoor URL. For more related content, please pay attention to the PHP Chinese website (www.php.cn)!


Related labels:
PHP,安全,后门URL
source:php.cn
Previous article:PHP Security - Filename Manipulation Next article:PHP security-source code exposed
Statement of this Website
The content of this article is voluntarily contributed by netizens, and the copyright belongs to the original author. This site does not assume corresponding legal responsibility. If you find any content suspected of plagiarism or infringement, please contact admin@php.cn
Latest Articles by Author
Latest Issues
Laravel project not started Good day, I'm totally new to Laravel, I have successfully installed Laravel-9 on my Window...
From 2023-09-14 19:16:59
0
1
246
How to handle Uncaught Error: PHP/Composer class not found? I'm starting a project with oop as a beginner and I'm trying to use some classes that I th...
From 2023-09-04 13:46:14
0
1
178
Title rewritten to: Fatal error: Unreachable mysqli_sql_exception for user 'Adeleke'@'localhost' (using password: yes) I'm trying to test my php software using XAMMP (localhost) but after clicking on the URL I...
From 2023-08-24 21:43:22
0
1
232
Why is there no response when running the example in the introductory tutorial of PHP Chinese website? In the PHP complete self-study manual tutorial of the introductory tutorial on the PHP Chi...
From 2021-01-08 19:44:12
0
1
841
The local installation is normal and the upload server installation is blank. The local installation is normal and the upload server installation is blank. When viewing...
From 2019-07-24 18:55:56
0
2
740
Related Topics
More>
Popular Recommendations
Popular Tutorials
More>
Related Tutorials
Popular Recommendations
Latest courses
Latest Downloads
More>
Web Effects
Website Source Code
Website Materials
Front End Template
About us Disclaimer Sitemap
php.cn:Public welfare online PHP training,Help PHP learners grow quickly!