��󱨸�

�� PHP �İ�ȫ��˵��󱨸��һ��˫�н��һ��߰�ȫ�ԣ��һ��к��

��ϵͳʱ��ʹ�õ��ַ��벻��ȷ��ݣ�Ȼ��鿴��ʾ��ͼ��ġ��ڹ��ռ��Ϣ�Ա�Ѱ��㡣��˵��һ��֪��һ��ҳ��ڵı��Ϣ��ô��ͻ᳢��޸ı��

Example #1 ��Զ�� HTML ҳ�湥��

<form method="post" action="attacktarget?username=badfoo&amp;password=badfoo">
<input type="hidden" name="username" value="badfoo" />
<input type="hidden" name="password" value="badfoo" />
</form>

ͨ�� PHP ��صĴ��ʾ��ܰ��ߵ��Գ��ĸ��ļ��Щ��ָ��ļ��ĵڼ��У��Щ�� PHP ��ܸ��Ϣ��ܶ� PHP ��߻�ʹ�� show_source()��highlight_string() �� highlight_file() ��Դ��룬��ʽ��е��վ�У��ܻᱩ¶��صı��δ��﷨��Ŀ��Σ��ϵͳ��ȫ��Ϣ��һЩ��ڲ��Դ��ĳ��򣬻��ʹ��ͨ�õ��Լ��Ǻ�Σ�յġ��ù��ȷ��˳��ʹ��־��ĵ��Լ��ǻ᳢�Է��ͱ��򿪵��Թ��ܣ�

Example #2 ��ñ��򿪵�ʽ��

<form method="post" action="attacktarget?errors=Y&amp;showerrors=1&amp;debug=1">
<input type="hidden" name="errors" value="Y" />
<input type="hidden" name="showerrors" value="1" />
<input type="hidden" name="debug" value="1" />
</form>

��ܴ��Σ��̽��ϵͳ��ṩ��Ϣ��

��˵��PHP �Ķ��еĴ��ʾ��˵��ϵͳ�� PHP��Ѱ��һ�� .html Ϊҳ�棬��֪��̨�ļ��Ϊ��Ѱ��ϵͳ��㣩��Ǿͻ�Ѵ��ύ��ȥ��Ȼ��п��Ե�֪ϵͳ�ǻ�� PHP ��ˡ�

һ��Ϳ��ܱ�¶ϵͳ��ʹ�õ��ݿ⣬��Ϊ��ṩ�й��ҳ��Ʒ��Ϣ��˳��ϵ��ҵ��ŵ��ݿ�˿ڣ��Լ�ҳ��ĳЩ bug ��ȡ��˵��߿��һЩ��ʹ��̽��ű��֤��˳��ͨ��ʾ��к��֣��Լ��ű��λ�ÿ��й¶��Ϣ��

��õİ취��Щ��⡣��һ��ǳ��׵ؼ��к��ֲ��󡣵ڶ��Ƕ��ϵͳ��׹رմ��󱨸档��ʹ�� PHP �Զ��Ĵ��Լ��Ĵ��ơ��ݲ�ͬ�İ�ȫ��ԣ��ַ��ܶ��á�

һ��ǰ��ֹ��ⷢ��ķ�� error_reporting() ��ʹ��ȫ��ֱ��ʹ�õ�Σ��֮��ڷ��֮ǰ��ȴ� E_ALL ��Դ��룬��԰��ܿ��ҵ��ʹ�ò��ĵط��һ��׼��ʽ��Ӧ�ð� error_reporting() �Ĳ��Ϊ 0 ��׹رմ��󱨸��߰� php.ini �е� display_errors ��Ϊ off ��ر��еĴ��ʾ�Խ��̽�⡣��Ȼ��Ҫ��һЩ��Ͳ�Ҫ��Ǵ� ini �ļ��ڵ� log_errors ѡ���ͨ�� error_log ָ��ڼ�¼��Ϣ��ļ��

Example #3 �� E_ALL ��Σ�յı��


<?php
if ($username) {  // Not initialized or checked before usage
    $good_login = 1;
}
if ($good_login == 1) { // If above test fails, not initialized or checked before usage
    readfile ("/highly/sensitive/data/index.html");
}
?>

���󱨸�

��󱨸�