| SQL attack ျဖင့္ web site ကိုဟက္ျခင္း | for everyone |
ျပီးခဲ့ တဲ့ ေနက mr.data ျကီးက ဟက္လိုက္တာ ဒီကုတ္ေလးသံုးျပီးေတာ့ က်ြန္ေတာ္က်ြမ္းက်င္တဲ့ php ေပါ့
သူက ေတာ္ေတာ္ကိုေတာ္ပါတယ္
<?php // accesscontrol.php include_once 'common.php';
include_once 'db.php';
session_start();
$uid = isset($_POST['uid']) ? $_POST['uid'] : $_SESSION['uid']; $pwd = isset($_POST['pwd']) ? $_POST['pwd'] : $_SESSION['pwd'];
if(!isset($uid)) {
?>
<h1> Login Required </h1>
<p>You must log in to access this area of the site. If you are
not a registered user, <a href="signup.php">click here</a>
to sign up for instant access!</p>
<p><form method="post" action="<?=$_SERVER['PHP_SELF']?>">
User ID: <input type="text" name="uid" size="8" /><br />
Password: <input type="password" name="pwd" SIZE="8" /><br />
<input type="submit" value="Log in" />
</form></p>
<?php
return;
} if (mysql_num_rows($result) != 1) {
unset($_SESSION['uid']);
unset($_SESSION['pwd']);
?>
<h1> Access Denied </h1>
<p>Your user ID or password is incorrect, or you are not a
registered user on this site. To try logging in again, click
<a href="<?=$_SERVER['PHP_SELF']?>">here</a>. To register for instant
access, click <a href="signup.php">here</a>.</p>
<?php
return;
} else { header('Location: http://www.rightintoit.com/protectedpage.php');
exit;
}
ဒီဆိုက္ကိုေပါ့ http://www.rightintoit.com/ attack လုတ္ထားတာ
မေကာင္းသူလက္ထဲ အသက္မ၀င္ေစရန္ ကုတ္အခ်ို့ ကိုခ်န္ထားခဲ့ပါတယ္
ေနေသာ္ေအာင္