Web服务器的安全和攻击防范(7)

伪造Web请求（一）

　　 下面这个简单的PHP程序将输出CGI参数b的值以及HTTP_REFERER的值：

kris@valiant:~/www <   cat test.php

<  ?php

  print "The value of b is $bn";

  print "The value of HTTP_REFERER is $HTTP_REFERERn";

? >

　　用telnet连接到80端口，我们能够向上述脚本提供任意的参数值b，同时还可以任意提供HTTP_REFERER值。我们把下面的几行发送到服务器：

GET /~kris/test.php?b=this+is+a+test HTTP/1.0

Host: valiant.koehntopp.de

Referer: http://www.attacker.com/die_sucker_die.html

　　下面是完整的会话过程：

kris@valiant:~/www <   telnet valiant 80

Trying 193.102.57.3...

Connected to valiant.koehntopp.de.

Escape character is '^]'.

GET /~kris/test.php?b=this+is+a+test HTTP/1.0

Host: valiant.koehntopp.de

Referer: http://www.attacker.com/die_sucker_die.html



HTTP/1.1 200 OK

Date: Sat, 08 Apr 2000 06:44:02 GMT

Server: Apache/1.3.9 (Unix)  (SuSE/Linux) PHP/4.0RC2-dev mod_ssl/2.4.7 OpenSSL/0.9.4

X-Powered-By: PHP/4.0RC2-devConnection: close

Content-Type: text/html



The value of b is this is a test

The value of HTTP_REFERER is http://www.attacker.com/die_sucker_die.html

Connection closed by foreign host.

原文转自：http://www.ltesting.net