Updated: 2023-10-21 23:17:58
If your form is at the form.php script, try accessing it with a URL in the browser like http://yoursite.com/form.php/"><script>alert('XSS')</script> to see if it is vulnerable to injection.

If it doesn't do anything, your configuration prevents this, at least for this specific file.

(Of course, you should use something like htmlspecialchars($_SERVER['SCRIPT_NAME']) anyway.)
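Added example (not part of the answer above, and not code from any project the answer refers to): it shows why echoing `$_SERVER['PHP_SELF']` unescaped into a form action is reflected XSS, and what the `htmlspecialchars()` fix the answer recommends produces. The two sample values are constructed to mimic what PHP would populate for the test URL above; `PHP_SELF` carries the trailing PATH_INFO, `SCRIPT_NAME` normally does not, which is why the answer points at `SCRIPT_NAME`, but escaping in the attribute context is still the actual defence.

```php
<?php
// Constructed sample values (not taken from a real request) for
//   /form.php/"><script>alert('XSS')</script>
$phpSelf    = '/form.php/"><script>alert(\'XSS\')</script>'; // PHP_SELF keeps PATH_INFO
$scriptName = '/form.php';                                   // SCRIPT_NAME usually drops it

// Vulnerable: the value is dropped into an HTML attribute unescaped.
// The " in the path closes the action attribute and the rest of the
// path becomes markup in the page, i.e. reflected XSS.
function vulnerableForm(string $self): string
{
    return '<form action="' . $self . '" method="post">';
}

// Hardened: escape for the HTML attribute context. ENT_QUOTES also
// escapes single quotes, so the value is safe inside either quote style.
function safeForm(string $self): string
{
    $escaped = htmlspecialchars($self, ENT_QUOTES | ENT_HTML5, 'UTF-8');
    return '<form action="' . $escaped . '" method="post">';
}

// Cheap self-check for a test page: does the rendered HTML still contain
// a raw script tag? Any hit means the output is not being escaped.
function leaksScriptTag(string $html): bool
{
    return stripos($html, '<script') !== false;
}

echo "Vulnerable (PHP_SELF):\n", vulnerableForm($phpSelf), "\n";
echo "Hardened   (PHP_SELF):\n", safeForm($phpSelf), "\n";
echo "Hardened   (SCRIPT_NAME):\n", safeForm($scriptName), "\n";

var_dump(leaksScriptTag(vulnerableForm($phpSelf))); // true: unsafe
var_dump(leaksScriptTag(safeForm($phpSelf)));       // false: escaped
```

Run it with `php example.php`; the hardened output turns the quote and angle brackets into `&quot;`, `&lt;` and `&gt;`, so the browser sees one long harmless action string rather than an injected element.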