通过url进行PHP攻击[关闭]

my website was recently attacked and in the log i found some requests like :

I found some suspicious files and folders in my root directory and someone has written on home page that "you are hacked".

one of the folder is "lentenfish" having files like "sql.php" , "cof.pl" , ".htaccess" ,"jen.jeen"

mysite.com/view_news.php?id=-999.9 UNION ALL SELECT 0x31303235343830303536,0x31303235343830303536,0x31303235343830303536,0x31303235343830303536,0x31303235343830303536--

and

/?<'IMG SRC="javascript:alert(cross_site_scripting.nasl);">

and

/?ho+{COMPLETE_VERSION}

and

/admin/?email=../admin/noop.cgi?foo=bar&test=blah

and

/admin/?password=../../../../../../../../windows/win.ini

and many more :(

i don't know where the problem is and how to solve.

My website is written in php and the backend is MySql.

So Please help me out in solving this.

Thanks !

写回答
好问题 0 提建议
追加酬金
关注问题
分享
邀请回答
编辑收藏删除结题
收藏举报

5条回答默认最新

关注

码龄粉丝数原力等级 --

被采纳

被点赞

采纳率
dream04110 2011-05-09 11:48
关注
The first one is an attempt at SQL injection The second is snooping for XSS (Cross-Site-Scripting) vulnerability. Not sure about the third, but the others look like snooping for admin passwords.

You might want to just read up server and browser securty. This could be an automated attack, but it's important to be aware of these issues.

本回答被题主选为最佳回答 , 对您是否有帮助呢?

解决无用
评论打赏
分享
举报

评论

按下Enter换行，Ctrl+Enter发表内容

查看更多回答(4条)

报告相同问题？

关注问题

如何通过PHP设置URL的内容？ [关闭] javascript php
2016-08-08 22:46

回答 2 已采纳 It's a simple HTTP redirect. Each question has a slug. When the post slug doesn't match with the s
php函数url调用框架 http和https https php
2018-06-13 06:07

回答 1 已采纳 $_SERVER['SERVER_PORT'] 是获取你本地服务器的，不是远程的。。你远程地址支持什么协议不直接写死就行了。。。你判断你本地服务器的干嘛？
在PHP中获取URL的一部分并不完全正常 php
2019-05-23 15:12

回答 2 已采纳 You could use functions that are meant for directories and/or URLs: echo basename(dirname($url));
php之攻击篇
2022-02-11 00:16

西门吃雪……的博客通过发送大量的半连接请求，耗费CPU和内存资源。 SYN攻击除了能影响主机外，还可以危害路由器、防火墙等网络系统，事实上SYN攻击并不管目标是什么系统，只要这些系统打开TCP服务就可以实施 ...
根据URL生成PHP页面 php
2014-04-19 08:37

回答 3 已采纳 Try this: if ($_GET['img'] == 'source') { // do stuff } elseif ($_GET['img'] == 'bird') {
PHP：检查URL末尾是否包含斜杠 php
2016-09-20 16:03

回答 3 已采纳 You can achieve this by getting the whole url first then get the last character $getWholeUrl = "h
php woocommerce ID自定义字段显示在URL中 php
2019-06-04 01:11

回答 1 已采纳 <a href="<?php the_field('datasheet',the_ID()); ?>" >Download File</a> The p
php关闭防跨站,PHP防止跨站和xss攻击代码
2021-04-17 03:16

thon xie的博客将waf.php传到要包含的文件的目录2.在页面中加入防护，有两种做法，根据情况二选一即可：a).在所需要防护的页面加入代码1require_once('waf.php');就可以做到页面防注入、跨站如果想整站防注，就在网站的一个公用...
PHP cURL重定向到另一个URL php
2017-09-16 03:19

回答 1 已采纳 Try to follow the redirect with CURLOPT_FOLLOWLOCATION. curl_setopt($ch, CURLOPT_FOLLOWLOCATION,
CodeIgniter从url中删除index.php php
2016-02-05 03:50

回答 8 已采纳 Finally fixed my problem. I would like to share my answer to all of you. I am currently using a ma
PHP从远程URL读取JSON文件 laravel php
2017-04-15 11:39

回答 3 已采纳 I believe you have two issues and that my code below will solve them. My code also uses a few diff
PHP防SQL注入代码,PHP 预防CSRF、XSS、SQL注入攻击
2021-08-12 10:19

云博客-资源宝的博客 1.服务端进行CSRF防御服务端的CSRF方式方法很多样，但总的思想都是一致的，就是在客户端页面增加伪随机数。 (1).Cookie Hashing(所有表单都包含同一个伪随机值)：这可能是最简单的解决方案了，因为攻击者不能获得...
获取URL PHP的最后一部分 php
2011-09-12 23:04

回答 12 已采纳 You can use preg_match to match the part of the URL that you want. In this case, since the patt
php常见的45个漏洞及解决方案
2024-03-06 10:14

极致人生-010的博客 php常见45个漏洞及解决方案
php网站常见的几种攻击方式
2017-10-18 10:29

技术日记的博客针对 PHP 的网站主要存在下面几种攻击方式:: 1、命令注入(Command Injection) 2、eval 注入(Eval Injection) 3、客户端脚本攻击(Script Insertion) 4、跨网站脚本攻击(Cross Site Scripting, XSS) 5、SQL ...
没有解决我的问题, 去提问

悬赏问题

¥15 深度学习中模型转换该怎么实现
¥15 HLs设计手写数字识别程序编译通不过
¥15 Stata外部命令安装问题求帮助！
¥15 从键盘随机输入A-H中的一串字符串，用七段数码管方法进行绘制。提交代码及运行截图。
¥15 TYPCE母转母，插入认方向
¥15 如何用python向钉钉机器人发送可以放大的图片？
¥15 matlab（相关搜索：紧聚焦）
¥15 基于51单片机的厨房煤气泄露检测报警系统设计
¥15 Arduino无法同时连接多个hx711模块，如何解决？
¥50 需求一个up主付费课程

通过url进行PHP攻击[关闭]

5条回答 默认 最新

悬赏问题

5条回答默认最新