download92000 2011-05-09 11:43

PHP attack via URL [closed]

My website was recently attacked and in the log I found some requests like:

I found some suspicious files and folders in my root directory and someone has written on the home page that "you are hacked".

One of the folders is "lentenfish", having files like "sql.php", "cof.pl", ".htaccess", "jen.jeen"

mysite.com/view_news.php?id=-999.9 UNION ALL SELECT 0x31303235343830303536,0x31303235343830303536,0x31303235343830303536,0x31303235343830303536,0x31303235343830303536--

and

/?<'IMG SRC="javascript:alert(cross_site_scripting.nasl);">

and

/?ho+{COMPLETE_VERSION}

and

/admin/?email=../admin/noop.cgi?foo=bar&test=blah

and

/admin/?password=../../../../../../../../windows/win.ini

and many more :(

I don't know where the problem is and how to solve it.

My website is written in php and the backend is MySql.

So please help me out in solving this.

Thanks !

5 answers

  • dream04110 2011-05-09 11:48

    The first one is an attempt at SQL injection. The second is snooping for an XSS (Cross-Site-Scripting) vulnerability. Not sure about the third, but the others look like snooping for admin passwords.

    You might want to just read up on server and browser security. This could be an automated attack, but it's important to be aware of these issues.

    This answer was selected as the best answer by the asker.
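As an added example (not part of the original question or its answers), the probe types named in the answer above can be triaged from a request log with a small classifier. The rule patterns, the function names and the two sample lines marked as constructed are assumptions for illustration; the other request lines are taken from the question.

```python
import re
from collections import Counter
from urllib.parse import unquote_plus

# Heuristic signatures for the probe types named in the answer above.
# Illustrative assumptions, not a complete ruleset.
RULES = {
    "sql_injection": re.compile(r"\bunion\b(?:\s+all)?\s+select\b", re.I),
    "xss": re.compile(r"<[^>]*\b(?:script|img|iframe|svg)\b|javascript:", re.I),
    "path_traversal": re.compile(r"\.\.[/\\]"),
}

def decode(request: str, max_rounds: int = 3) -> str:
    """Undo URL encoding, repeating to catch double-encoded probes."""
    for _ in range(max_rounds):
        decoded = unquote_plus(request)
        if decoded == request:
            break
        request = decoded
    return request

def classify(request: str) -> list[str]:
    """Return the name of every rule the decoded request matches."""
    text = decode(request)
    return [name for name, rx in RULES.items() if rx.search(text)]

def summarize(requests: list[str]) -> Counter:
    """Count matches per category; no match counts as 'unclassified'."""
    counts = Counter()
    for req in requests:
        counts.update(classify(req) or ["unclassified"])
    return counts

SAMPLE = [
    # From the question (UNION list shortened to one column).
    "/view_news.php?id=-999.9 UNION ALL SELECT 0x31303235343830303536--",
    '/?<\'IMG SRC="javascript:alert(cross_site_scripting.nasl);">',
    "/?ho+{COMPLETE_VERSION}",
    "/admin/?email=../admin/noop.cgi?foo=bar&test=blah",
    "/admin/?password=../../../../../../../../windows/win.ini",
    # Constructed: double-encoded traversal and an ordinary request.
    "/admin/?file=%252e%252e%252fconfig.php",
    "/view_news.php?id=42",
]

if __name__ == "__main__":
    for category, n in summarize(SAMPLE).most_common():
        print(f"{category}: {n}")
```

The third request from the question matches no rule, which fits the answerer's uncertainty about it; requests like that are worth reviewing by hand rather than discarding.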
