大部分Web扫描器(包括上传、管理后台扫描器)都是通过判断HTTP的200返回来确定页面存在的,在页面存在的基础上,这些扫描期才会开始对漏洞进行扫描。既然不能保证内部逻辑的严密,那么就在输入/输出这个瓶颈上做文章,当输入错误的密码或者权限失败时,我们自己返回一个400错误的HTTP消息来误导扫描器不再继续进行扫描(包括哪些手工入侵者)
以PHP为例:
复制代码 代码如下:
ob_start();
if ('Password' != $_GET['password'])
header("HTTP/1.1 404 Not Found");
?>
How to open php file
How to remove the first few elements of an array in php
What to do if php deserialization fails
How to connect php to mssql database
How to connect php to mssql database
What to do if an error occurs in the script of the current page
How to upload html
How to solve garbled characters in PHP
![[Web front-end] Node.js quick start](https://img.php.cn/upload/course/000/000/067/662b5d34ba7c0227.png)
