dtv8189 2018-03-08 06:24
浏览 19

什么是这个php地址栏变量

I am learning about SQL injection following these walkthrough. The address bar looks like this:

https://redtiger.labs.overthewire.org/level3.php?usr=MDQyMjExMDE0MTgyMTQ

The first step is to generate an error by changing the value of this variable:

https://redtiger.labs.overthewire.org//hackit/level3.php?usr\[\]=

I am not experienced in web programming, but I know how to send form values in address line. However, the page source does not contain usr variable. What is this?

  • 写回答

1条回答 默认 最新

  • duanqujing3863 2018-03-08 06:47
    关注

    The actual URL requested is available in $_SERVER['REQUEST_URI']

    Querystring parameters will be found in $_GET ... in this case, look at $_GET['usr']

    These values would typically be produced as a result of a form submission. Look for input elements on the page with the name attribute of usr or multiple elements with the name usr[] in the second case. That would allow multiple entries to end up in an array server-side.

    评论

报告相同问题?

悬赏问题

  • ¥15 关于大棚监测的pcb板设计
  • ¥15 stm32开发clion时遇到的编译问题
  • ¥15 lna设计 源简并电感型共源放大器
  • ¥15 如何用Labview在myRIO上做LCD显示?(语言-开发语言)
  • ¥15 Vue3地图和异步函数使用
  • ¥15 C++ yoloV5改写遇到的问题
  • ¥20 win11修改中文用户名路径
  • ¥15 win2012磁盘空间不足,c盘正常,d盘无法写入
  • ¥15 用土力学知识进行土坡稳定性分析与挡土墙设计
  • ¥15 帮我写一个c++工程