• 日期: 2027-10-26
  • 标签: 常规
<!DOCTYPE html>
<html lang='en'>
    <?php
    session_start();
    include('admin/db_connect.php');
    ob_start();
        $query = $conn->query('SELECT * FROM system_settings limit 1')->fetch_array();
         foreach ($query as $key => $value) {
          if(!is_numeric($key))
            $_SESSION['system'][$key] = $value;
        }
    ob_end_flush();
    include('header.php');
<pre><code>?&gt;

&lt;style&gt;
	header.masthead {
	  background: url(admin/assets/uploads/&lt;?php echo $_SESSION['system']['cover_img'] ?&gt;);
	  background-repeat: no-repeat;
	  background-size: cover;
	}
</code></pre>
<p>#viewer_modal .btn-close {
position: absolute;
z-index: 999999;
/<em>right: -4.5em;</em>/
background: unset;
color: white;
border: unset;
font-size: 27px;
top: 0;
}
#viewer_modal .modal-dialog {
width: 80%;
max-width: unset;
height: calc(90%);
max-height: unset;
}
#viewer_modal .modal-content {
background: black;
border: unset;
height: calc(100%);
display: flex;
align-items: center;
justify-content: center;
}
#viewer_modal img,#viewer_modal video{
max-height: calc(100%);
max-width: calc(100%);
}
body,main {
background: #121212 !important;
padding-bottom: 15px;
}
footer{
background: #020202 !important;
}</p>
<p>a.jqte_tool_label.unselectable {
height: auto !important;
min-width: 4rem !important;
padding:5px
}</p>
<p>#carousel-field{
position: fixed;
z-index: -1;
width: calc(100%)
}
#carousel-field, #carsCarousel, #carsCarousel .carousel-inner,#carsCarousel .carousel-item,#carsCarousel img{
/<em>max-height: 60vh</em>/
}
.col-lg-8.align-self-end.mb-4.page-title {
background: #00000070;
}</p>
<p>/*
a.jqte_tool_label.unselectable {
height: 22px !important;
}*/
</style>
<?php 
$page = isset($_GET['page']) ?$_GET['page'] : 'home';
if($page == 'home'):
?>
<style>
.masthead{
background: unset!important
}
.masthead:before{
content: unset!important;
}
</style></p>
  <header class='masthead'>
        <?php 
        $cars_img = scandir('admin/assets/uploads/cars_img/');
            foreach($cars_img as $k=> $fname){
                if(in_array($fname,array('.','..'))){
                    unset($cars_img[$k]);
                }
            }
            if(count($cars_img) > 0):
        ?>
        <div id='carousel-field'>
        <div id='carsCarousel' class='carousel slide' data-ride='carousel'>
          <div class='carousel-inner'>
            <?php
            $i = 0 ;
             foreach($cars_img as $fname):
                $active = ($i == 0) ? 'active' : '';
                $i++;
            ?>
            <div class='carousel-item <?php echo $active ?>'>
              <img class='d-block w-100' src='admin/assets/uploads/cars_img/<?php echo $fname ?>' alt=''>
            </div>
            <?php endforeach; ?>
          </div>
        </div>
        </div>
    <?php endif; ?>
<pre><code>   &lt;div class='container h-100'&gt;
        &lt;div class='row h-100 align-items-center justify-content-center text-center'&gt;
            &lt;div class='col-lg-8 align-self-end mb-4 page-title'&gt;
              &lt;h3 class='text-white'&gt;Welcome to &lt;?php echo $_SESSION['system']['name']; ?&gt;&lt;/h3&gt;
                &lt;hr class='divider my-4' /&gt;

            &lt;div class='col-md-12 mb-2 justify-content-center'&gt;
              &lt;form action='' id='find-car'&gt;
                &lt;div class='row form-group'&gt;
                  &lt;div class='col-md-4'&gt;
                    &lt;label for='' class='control-label text-white'&gt;Pickup Date/Time&lt;/label&gt;
                    &lt;input type='text' class='form-control datetimepicker' required='' name='pickup' autocomplete='off'&gt;
                  &lt;/div&gt;
                  &lt;div class='col-md-4'&gt;
                    &lt;label for='' class='control-label text-white'&gt;Drop off Date/Time&lt;/label&gt;
                    &lt;input type='text' class='form-control datetimepicker' required='' name='dropoff' autocomplete='off'&gt;
                  &lt;/div&gt;
                  &lt;div class='col-md-4'&gt;
                    &lt;label for='' class='control-label text-white'&gt;Category&lt;/label&gt;
                    &lt;select class='custom-select select2' name='category_id'&gt;
                      &lt;option value='0'&gt;Any&lt;/option&gt;
                      &lt;?php
                      $qry = $conn-&gt;query('SELECT * FROM categories order by name asc');
                      while($row=$qry-&gt;fetch_assoc()):
                      ?&gt;
                      &lt;option value='&lt;?php echo $row['id'] ?&gt;'&gt;&lt;?php echo $row['name'] ?&gt;&lt;/option&gt;
                      &lt;?php endwhile; ?&gt;
                    &lt;/select&gt;
                  &lt;/div&gt;
                &lt;/div&gt;
                &lt;div class='form-group '&gt;
                  &lt;center&gt;
                    &lt;button class='btn btn-primary'&gt;Find Availability&lt;/button&gt;
                  &lt;/center&gt;
                &lt;/div&gt;
              &lt;/form&gt;
            &lt;/div&gt;                        
            &lt;/div&gt;
            
        &lt;/div&gt;
    &lt;/div&gt;  
&lt;/header&gt;
&lt;?php endif; ?&gt;
&lt;body id='page-top'&gt;
    &lt;!-- Navigation--&gt;
    &lt;div class='toast' id='alert_toast' role='alert' aria-live='assertive' aria-atomic='true'&gt;
    &lt;div class='toast-body text-white'&gt;
    &lt;/div&gt;
  &lt;/div&gt;
    &lt;nav class='navbar navbar-expand-lg navbar-light fixed-top py-3' id='mainNav'&gt;
        &lt;div class='container'&gt;
            &lt;a class='navbar-brand js-scroll-trigger' href='./'&gt;&lt;?php echo $_SESSION['system']['name'] ?&gt;&lt;/a&gt;
            &lt;button class='navbar-toggler navbar-toggler-right' type='button' data-toggle='collapse' data-target='#navbarResponsive' aria-controls='navbarResponsive' aria-expanded='false' aria-label='Toggle navigation'&gt;&lt;span class='navbar-toggler-icon'&gt;&lt;/span&gt;&lt;/button&gt;
            &lt;div class='collapse navbar-collapse' id='navbarResponsive'&gt;
                &lt;ul class='navbar-nav ml-auto my-2 my-lg-0'&gt;
                    &lt;li class='nav-item'&gt;&lt;a class='nav-link js-scroll-trigger' href='index.php?page=home'&gt;Home&lt;/a&gt;&lt;/li&gt;
                    &lt;li class='nav-item'&gt;&lt;a class='nav-link js-scroll-trigger' href='index.php?page=about'&gt;About&lt;/a&gt;&lt;/li&gt;
                   
                    
                 
                &lt;/ul&gt;
            &lt;/div&gt;
        &lt;/div&gt;
    &lt;/nav&gt;
</code></pre>
  <main>
        <?php 
        include $page.'.php';
        ?>
</main>
<div class='modal fade' id='confirm_modal' role='dialog'>
    <div class='modal-dialog modal-md' role='document'>
      <div class='modal-content'>
        <div class='modal-header'>
        <h5 class='modal-title'>Confirmation</h5>
      </div>
      <div class='modal-body'>
        <div id='delete_content'></div>
      </div>
      <div class='modal-footer'>
        <button type='button' class='btn btn-primary' id='confirm' onclick=''>Continue</button>
        <button type='button' class='btn btn-secondary' data-dismiss='modal'>Close</button>
      </div>
      </div>
    </div>
  </div>
  <div class='modal fade' id='uni_modal' role='dialog'>
    <div class='modal-dialog modal-md' role='document'>
      <div class='modal-content'>
        <div class='modal-header'>
        <h5 class='modal-title'></h5>
      </div>
      <div class='modal-body'>
      </div>
      <div class='modal-footer'>
        <button type='button' class='btn btn-primary' id='submit' onclick='$('#uni_modal form').submit()'>Save</button>
        <button type='button' class='btn btn-secondary' data-dismiss='modal'>Cancel</button>
      </div>
      </div>
    </div>
  </div>
  <div class='modal fade' id='uni_modal_right' role='dialog'>
    <div class='modal-dialog modal-full-height  modal-md' role='document'>
      <div class='modal-content'>
        <div class='modal-header'>
        <h5 class='modal-title'></h5>
        <button type='button' class='close' data-dismiss='modal' aria-label='Close'>
          <span class='fa fa-arrow-righ t'></span>
        </button>
      </div>
      <div class='modal-body'>
      </div>
      </div>
    </div>
  </div>
  <div class='modal fade' id='viewer_modal' role='dialog'>
    <div class='modal-dialog modal-md' role='document'>
      <div class='modal-content'>
              <button type='button' class='btn-close' data-dismiss='modal'><span class='fa fa-times'></span></button>
              <img src='' alt=''>
      </div>
    </div>
  </div>
  <div id='preloader'></div>
        <footer class=' py-5'>
            <div class='container'>
                <div class='row justify-content-center'>
                    <div class='col-lg-8 text-center'>
                        <h2 class='mt-0 text-white'>Contact us</h2>
                        <hr class='divider my-4' />
                    </div>
                </div>
                <div class='row'>
                    <div class='col-lg-4 ml-auto text-center mb-5 mb-lg-0'>
                        <i class='fas fa-phone fa-3x mb-3 text-muted'></i>
                        <div class='text-white'><?php echo $_SESSION['system']['contact'] ?></div>
                    </div>
                    <div class='col-lg-4 mr-auto text-center'>
                        <i class='fas fa-envelope fa-3x mb-3 text-muted'></i>
                        <!-- Make sure to change the email address in BOTH the anchor text and the link target below!-->
                        <a class='d-block' href='mailto:<?php echo $_SESSION['system']['email'] ?>'><?php echo $_SESSION['system']['email'] ?></a>
                    </div>
                </div>
            </div>
            <br>
            <div class='container'><div class='small text-center text-muted'>Copyright © 2020 - <?php echo $_SESSION['system']['name'] ?> | <a href='https://www.sourcecodester.com/' target='_blank'>Sourcecodester</a></div></div>
        </footer>
<pre><code>   &lt;?php include('footer.php') ?&gt;
&lt;/body&gt;
&lt;script type='text/javascript'&gt;
  $('#login').click(function(){
    uni_modal('Login','login.php')
  })
  $('.datetimepicker').datetimepicker({
      format:'Y-m-d H:i',
  })
  $('#find-car').submit(function(e){
    e.preventDefault()
    location.href = 'index.php?page=search&amp;'+$(this).serialize()
  })
&lt;/script&gt;
&lt;?php $conn-&gt;close() ?&gt;
</code></pre>
</html>
<p>可能存在的漏洞如下:</p>
<ol>
<li>SQL 注入</li>
</ol>
<p>在代码中,从数据库中获取数据时没有使用预处理语句,而是直接将 SQL 语句和变量拼接在一起。这种做法会导致 SQL 注入攻击。攻击者可以在输入框中输入一些恶意的 SQL 语句,从而在数据库中执行非授权的操作,例如删除、修改或者获得数据。可以使用预处理语句来防止 SQL 注入攻击。</p>
<ol start="2">
<li>会话固定攻击</li>
</ol>
<p>在代码中,使用了 PHP 的会话管理功能,但是没有更新会话 ID。这种做法会导致会话固定攻击。攻击者可以通过使用相同的会话 ID 来获取受害者的会话信息,例如用户名和密码。可以使用 session_regenerate_id() 函数来更新会话 ID,从而防止会话固定攻击。</p>
<ol start="3">
<li>XSS 攻击</li>
</ol>
<p>在代码中,使用了动态生成的 HTML 标签,例如 header、img、video 等标签。这种做法会导致 XSS 攻击。攻击者可以在输入框中输入一些恶意的脚本代码,从而在用户浏览器中执行非授权的操作,例如窃取用户的会话信息。可以使用 htmlspecialchars() 函数来过滤输入框中的特殊字符,从而防止 XSS 攻击。</p>
<ol start="4">
<li>文件包含漏洞</li>
</ol>
<p>在代码中,使用了 include() 函数来加载 PHP 文件。如果没有对输入进行过滤,攻击者可以在输入框中输入一些恶意的文件路径,从而加载恶意的 PHP 文件,例如木马程序。可以使用 realpath() 函数或者白名单机制来过滤输入框中的文件路径,从而防止文件包含漏洞。</p>
代码审计:index.php 代码漏洞分析

原文地址: https://www.cveoy.top/t/topic/oXb6 著作权归作者所有。请勿转载和采集!

免费AI点我,无需注册和登录