The 'get_headers()' function has a security vulnerability in PHP 7.2.x before 7.2.29, 7.3.x before 7.3.16, and 7.4.x before 7.4.4. It can be used to bypass a WAF and for SSRF exploitation.
get_headers ( string $url , int $format = 0 , resource $context = ? ) : array
Example #1: get_headers() example
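<?php
$url = 'https://www.cnblogs.com/Ky1226/';
// Default format (0): numerically indexed list of raw header lines
print_r(get_headers($url));
// Format 1: header names are used as array keys
print_r(get_headers($url, 1));
?>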
Output
Array (
[0] => HTTP/1.1 200 OK
[1] => Date: Tue, 26 Jan 2021 11:28:56 GMT
[2] => Content-Type: text/html; charset=utf-8
[3] => Connection: close
[4] => Vary: Accept-Encoding
[5] => Strict-Transport-Security: max-age=2592000; includeSubDomains; preload
)
Array (
[0] => HTTP/1.1 200 OK
[Date] => Tue, 26 Jan 2021 11:28:56 GMT
[Content-Type] => text/html; charset=utf-8
[Connection] => close
[Vary] => Accept-Encoding
[Strict-Transport-Security] => max-age=2592000; includeSubDomains; preload
)
get_headers() truncates the URL at a null character: everything after the null character is dropped.
$_GET['url'] = "http://localhost\0.example.com";
Note that the \0 here is a "null character".
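The truncation above is why a check that only looks at the end of the URL string is not enough. The following is an added example, not code from the original post: it puts a suffix check next to a stricter check that rejects control bytes before parsing. ALLOWED_HOSTS, the function names and the sample inputs are hypothetical and constructed for illustration.

```php
<?php
// Added example: constructed allowlist and inputs, not from the original post.
const ALLOWED_HOSTS = ['www.example.com', 'api.example.com']; // hypothetical

// Naive check of the kind the truncation defeats: it only looks at the suffix.
function naive_check(string $url): bool
{
    return substr($url, -strlen('.example.com')) === '.example.com';
}

// Stricter check: refuse control bytes first, then match the parsed host exactly.
function strict_check(string $url): bool
{
    // A NUL, other control byte or whitespace means the validated string and
    // the string that is actually requested can differ, so refuse outright.
    if (preg_match('/[\x00-\x20\x7F]/', $url)) {
        return false;
    }
    $parts = parse_url($url);
    if ($parts === false || !isset($parts['scheme'], $parts['host'])) {
        return false;
    }
    if (!in_array(strtolower($parts['scheme']), ['http', 'https'], true)) {
        return false;
    }
    return in_array(strtolower($parts['host']), ALLOWED_HOSTS, true);
}

// The part of the URL before the NUL, i.e. what a truncating get_headers() requests.
function effective_url(string $url): string
{
    $cut = strstr($url, "\0", true);
    return $cut === false ? $url : $cut;
}

$samples = [ // constructed inputs
    "http://www.example.com",
    "http://localhost\0.example.com",
];
foreach ($samples as $url) {
    printf("%-34s naive=%s strict=%s requested=%s\n",
        addcslashes($url, "\0"),          // show the NUL as \000
        var_export(naive_check($url), true),
        var_export(strict_check($url), true),
        effective_url($url));
}
```

Run strict_check() on the URL before it reaches get_headers(); upgrading to 7.2.29, 7.3.16 or 7.4.4 (or later) is still required.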
Original article: https://www.cnblogs.com/Ky1226/p/14332110.html