Community Learn Tools Library Leisure

English

Home > Backend Development > PHP Tutorial > PHP Security - Backdoor URL

PHP Security - Backdoor URL

黄舟

Release： 2023-03-05 21:26:02

Original

1907 people have browsed it

Backdoor URL

A backdoor URL refers to a resource that can be accessed directly through the URL without being directly called. For example, the following WEB application may display sensitive information to logged-in users:

<?php
 
  $authenticated = FALSE;
  $authenticated = check_auth();
 
  /* ... */
 
  if ($authenticated)
  {
      include &#39;./sensitive.php&#39;;
  }
 
  ?>

Copy after login

Since sensitive.php is located in the main directory of the website, the browser can skip the verification mechanism and access the file directly. This is because all files in the main directory of the website have a corresponding URL address. In some cases, these scripts may perform an important operation, which increases the risk.

To prevent backdoor URLs, you need to make sure to save all included files outside of your website's home directory. All files saved in the home directory of the website must be directly accessed through URL.

The above is the content of PHP Security-Backdoor URL. For more related content, please pay attention to the PHP Chinese website (www.php.cn)!

Related labels：

PHP，安全，后门URL

source：php.cn

Previous article：PHP Security - Filename Manipulation Next article：PHP security-source code exposed

Statement of this Website

The content of this article is voluntarily contributed by netizens, and the copyright belongs to the original author. This site does not assume corresponding legal responsibility. If you find any content suspected of plagiarism or infringement, please contact admin@php.cn

Latest Articles by Author

Video material on building your own PHP framework from scratch

2023-03-15 16:54:01
Example analysis of how PHPMailer uses QQ mailbox to complete the email sending function

2023-03-15 12:26:02
Introduction to how to receive emails in IMAP in php

2023-03-14 18:58:01
Example of how to quickly implement array deduplication in PHP

2023-03-14 11:30:01
Summary of the use of all attributes of the tag in html

1970-01-01 08:00:00
Summary of basic knowledge of PHP (necessary for beginners to get started)

2023-03-16 15:20:01
Introduction to the use of typeof in JavaScript

1970-01-01 08:00:00
Introduction to the use of confirm() method in JavaScript

1970-01-01 08:00:00
A detailed introduction to the HTML5 Placeholder attribute

1970-01-01 08:00:00
How to implement single-select, multiple-select and reverse-select in forms in ReactJS

1970-01-01 08:00:00

Latest Issues

function_exists() cannot determine the custom function Function test () {return true;} if (function_exists ('test')) {echo "test is function...

From 2024-04-29 11:01:01

0

3

2041

How to display the mobile version of Google Chrome Hello teacher, how can I change Google Chrome into a mobile version?

From 2024-04-23 00:22:19

0

11

2200

The child window operates the parent window, but the output does not respond. The first two sentences are executable, but the last sentence cannot be implemented.

From 2024-04-19 15:37:47

0

1

1855

There is no output in the parent window document.onclick = function(){ window.opener.document.write('I am the output of the child ...

From 2024-04-18 23:52:34

0

1

1745

Where is the courseware about CSS mind mapping? Courseware

From 2024-04-16 10:10:18

0

0

1766

Related Topics

More>

Popular Recommendations

Popular Tutorials

More>

Related Tutorials

Popular Recommendations

Latest courses

Latest Downloads

More>

Web Effects

Website Source Code

Website Materials

Front End Template