Home > Backend Development > PHP Tutorial > Remember an attack on PHP chat room_PHP tutorial

Remember an attack on PHP chat room_PHP tutorial

WBOY
Release: 2016-07-13 17:09:02
Original
966 people have browsed it

Netizen "Xiao Hao" gave me a chat room IP and asked me to check it out. I originally wanted to hack into its server, but I probably didn't have the technology to do it. I tried it for more than ten minutes, but I still couldn't get in. So, I wanted to find out what bugs there were in this chat room. It can be seen that the chat room is built using PHP+MySQL. The columns include: user registration, forgotten password, modification of information, user suicide, chat list, chat description, and refresh list. Then came the chat.
I randomly registered a user name. According to my preferences, I like to open the xxxxxx user. In this way, I registered a user with xxxxxx. Log in.
Where to start? I think it's better to check the modified information first. Generally, there are loopholes in chat rooms. Click to modify the information, and then you will enter the next screen, where you need to enter your username and secret. After entering, the next step is to modify the data. YES! There is a user nickname in the data modification, which is actually the user name. Check the source file immediately and see the following HMTL statement:
====================== ===========================cut============












===== =====================================end============ ======

www.bkjia.comtruehttp: //www.bkjia.com/PHPjc/629807.htmlTechArticleNetizen Xiaohao gave me a chat room IP and asked me to check it out. I originally wanted to hack into its server, but I probably didn't have the technology to do it. I tried it for more than ten minutes, but I still couldn't get in. So, I wanted to look for this...
source:php.cn
Statement of this Website
The content of this article is voluntarily contributed by netizens, and the copyright belongs to the original author. This site does not assume corresponding legal responsibility. If you find any content suspected of plagiarism or infringement, please contact admin@php.cn
Popular Tutorials
More>
Latest Downloads
More>
Web Effects
Website Source Code
Website Materials
Front End Template
User profile

User nickname: *