Bypassing a whitelist check built on PHP parse_url
2022-07-28 14:15:00 【[email protected]】
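```php
// Whitelist check: take the host that parse_url() reports and compare it with the allowed hosts
$host = parse_url($url, PHP_URL_HOST);
if (!in_array($host, [
    'xxx.xxx',
])) {
    exit('host not allowed');
}
```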
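Consider a check like the one above, which tests whether the URL's host is in the whitelist. It can be bypassed with a URL of the form http://[email protected]: parse_url resolves the host of http://[email protected] to xxx.xxx, because it treats everything before the @ as userinfo and takes the host from what follows. When a browser visits the same URL, however, the \ character is converted to /, so the browser ends the host at that point, and the whitelist is bypassed.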
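One way to harden the check against this parser disagreement, as an added example that is not the original author's code: reject any URL containing a backslash or userinfo before comparing the host. The names `is_allowed_url` and `ALLOWED_HOSTS` are hypothetical, `xxx.xxx` is the page's placeholder host, and the sample URLs are constructed.

```php
<?php
// Added example: stricter allowlist check (hypothetical helper names).
const ALLOWED_HOSTS = ['xxx.xxx']; // placeholder host taken from the page

function is_allowed_url(string $url): bool
{
    // Browsers treat "\" like "/" in http(s) URLs, parse_url() does not.
    // Refuse backslashes, whitespace and control characters outright.
    if (preg_match('/[\\\\\s\x00-\x1f\x7f]/', $url)) {
        return false;
    }
    $parts = parse_url($url);
    if ($parts === false || !isset($parts['scheme'], $parts['host'])) {
        return false;
    }
    if (!in_array(strtolower($parts['scheme']), ['http', 'https'], true)) {
        return false;
    }
    // Userinfo ("user:pass@") lets one URL carry two host-looking parts,
    // and a redirect or fetch target has no need for it.
    if (isset($parts['user']) || isset($parts['pass'])) {
        return false;
    }
    // Strict, case-insensitive comparison against the allowlist.
    return in_array(strtolower($parts['host']), ALLOWED_HOSTS, true);
}

// Constructed sample inputs, not taken from the page.
$samples = [
    'http://xxx.xxx/path',
    'http://attacker.example\\@xxx.xxx/',
    'http://user@xxx.xxx/',
    'http://attacker.example/',
];
foreach ($samples as $u) {
    printf("%-40s %s\n", $u, is_allowed_url($u) ? 'allowed' : 'rejected');
}
```

Rejecting such input is safer than trying to normalise it, because the server-side parser and the client must agree on which host a URL names before the comparison means anything.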
Copyright notice
This article was written by [[email protected]]. When reposting, please include a link to the original. Thanks.
https://blog.csdn.net/qq_38641816/article/details/108380321