每次我將這個圖像查看器上傳到我的網站時,我就會被黑客入侵,即每次我上傳這個文件時,有人會攻擊我的網站任何更改密碼。黑客總是上傳php shell。但沒有辦法上傳文件。我的文件中的安全問題在哪裏
include "./config.php";
@ $db = mysql_pconnect($mysql['host'], $mysql['user'], $mysql['pass']) or die(mysql_error());
if ($_GET['id'])
{
$id = $_GET['id'];
}
else
{
header('Location: http://404.html') ;
exit;
}
$id = mysql_real_escape_string($id, $db);
//IT"S NOT WORKING!
if (!$db)
{
die("error");
}
mysql_select_db($mysql['db']) or die(mysql_error());
$query = "SELECT * FROM `images` WHERE id='" . $id . "'";
$result = mysql_query($query) or die(mysql_error());
if (!$result)
{
die("MySQL Select error");
}
$num_results = mysql_num_rows($result);
if ($num_results ==0)
{
header('Location: http:///404.html');
exit;
}
else{
$row = mysql_fetch_array($result);
$downloads = $row['downloads'] + 1;
$lastuse = time();
$ss = mysql_query("select downloads from `images` where id='".$id."'") or die(mysql_error());
$rr = mysql_fetch_array($ss);
$query = "update `images` set downloads=downloads+1, lastuse='" . $lastuse . "' where id='".$id."'";
$result = mysql_query($query);
if (!$result)
{
die("MySQL update error");
}
//get current stats
$query = "SELECT * FROM `stat_cache` WHERE 1";
$result = mysql_query($query);
if (!$result)
{
die("MySQL Select error");
}
$stat = mysql_fetch_array($result);
//downloads update
$downloads = $stat['downloads'] + 1;
$query = "UPDATE `stat_cache` SET downloads='" . $downloads . "' WHERE 1";
$result = mysql_query($query);
if (!$result)
{
die("MySQL Update error");
}
}
//Lets create the image, now.
if(!file_exists('./images/' . $id)) {
header('Location: http:///404.html') ;
exit;
}
header('Content-type: image/jpeg');
$fp = fopen('./images/' . $id, 'r');
$contents = fread($fp, $maxfilesize);
fclose($fp);
echo $contents;
任何人都可以告訴我這裏的安全問題在哪裏?
定義「我被黑客攻擊」 – Popnoodles 2013-02-10 06:24:46
你想知道的究竟是什麼? SQL注入? – 2013-02-10 06:24:53
Obligatory Bobby Tables:http://xkcd.com/327/並查找SQL注入和php準備好的語句 – Patashu 2013-02-10 06:25:21