Remember an attack on PHP chat room_PHP tutorial-PHP Tutorial-php.cn

Netizen "Xiao Hao" gave me a chat room IP and asked me to check it out. I originally wanted to hack into its server, but I probably didn't have the technology to do it. I tried it for more than ten minutes, but I still couldn't get in. So, I wanted to find out what bugs there were in this chat room. It can be seen that the chat room is built using PHP+MySQL. The columns include: user registration, forgotten password, modification of information, user suicide, chat list, chat description, and refresh list. Then came the chat.
I randomly registered a user name. According to my preferences, I like to open the xxxxxx user. In this way, I registered a user with xxxxxx. Log in.
Where to start? I think it's better to check the modified information first. Generally, there are loopholes in chat rooms. Click to modify the information, and then you will enter the next screen, where you need to enter your username and secret. After entering, the next step is to modify the data. YES! There is a user nickname in the data modification, which is actually the user name. Check the source file immediately and see the following HMTL statement:
====================== ===========================cut============

===== =====================================end============ ======

Related labels：

php 。 Invasion go right attack of netizen chatroom

source：php.cn

Previous article：Prevent single quotes and double quotes from escaping on the accept page_PHP tutorial Next article：Using PHPLIB for Session Management and Authentication_PHP Tutorial

Statement of this Website

The content of this article is voluntarily contributed by netizens, and the copyright belongs to the original author. This site does not assume corresponding legal responsibility. If you find any content suspected of plagiarism or infringement, please contact admin@php.cn