How to verify if website is vulnerable?If, for example, you use http://www.example.com/admin/ URL to access store admin, try to open http://www.example.com/admin/orders.php/login.php. If you will not see login screen you are in danger!如何验证网站是脆弱的?如果,例如,你使用http://www.example.com/admin/的URL来访问存储管理,尝试打开http://www.example.com/admin/orders.php/login.php的。如果你不会看到登录屏幕,你处于危险之中!而我看到的是我处于危险之中? 笑话!
http://www.crehelp.com/cre-loaded-vulnerability-check-you-are-affected-pg-7.html
直接看订单情况。
还不知怎么修复呢
$filename = basename($url);
if($filename != "1.php"){
echo "<script>alert('地址非法');</script>";
}
笑话!