AI写作智能体 自主规划任务,支持联网查询和网页读取,多模态高效创作各类分析报告、商业计划、营销方案、教学内容等。 广告
# 跳过登录 ``` <pre class="calibre18">``` <span class="token1"><</span>form action<span class="token1">=</span><span class="token2">"./demo.php"</span> method<span class="token1">=</span><span class="token2">"post"</span><span class="token1">></span> <span class="token1"><</span>input type<span class="token1">=</span><span class="token2">"text"</span> name<span class="token1">=</span><span class="token2">"adminname"</span><span class="token1">></span> <span class="token1"><</span>input type<span class="token1">=</span><span class="token2">"pwssword"</span> name<span class="token1">=</span><span class="token2">"adminpass"</span><span class="token1">></span> <span class="token1"><</span>input type<span class="token1">=</span><span class="token2">"submit"</span> name<span class="token1">=</span><span class="token2">"submit"</span> value<span class="token1">=</span><span class="token2">"确定"</span><span class="token1">></span> <span class="token1"><</span><span class="token1">/</span>form<span class="token1">></span> ``` ``` demo.php ``` <pre class="calibre10">``` $sql<span class="token1">=</span><span class="token2">"select * form admin where adminname='{$_POST['adminname']}' and adminpass='{$_POST['adminpass']}'"</span><span class="token3">;</span> $res<span class="token1">=</span><span class="token4">mysql_query</span><span class="token3">(</span>$sql<span class="token3">)</span><span class="token3">;</span> $admin<span class="token1">=</span><span class="token4">mysql_num_rows</span><span class="token3">(</span>$res<span class="token3">)</span><span class="token3">;</span> <span class="token5">if</span><span class="token3">(</span>$admin<span class="token1">==</span><span class="token2">'1'</span><span class="token3">)</span><span class="token3">{</span> <span class="token4">setcookie</span><span class="token3">(</span><span class="token2">'admin_name'</span><span class="token3">,</span> $_POST<span class="token3">[</span><span class="token2">'adminname'</span><span class="token3">]</span><span class="token3">,</span> <span class="token4">time</span><span class="token3">(</span><span class="token3">)</span><span class="token1">+</span><span class="token6">3600</span><span class="token3">,</span> <span class="token2">'/'</span><span class="token3">)</span> <span class="token3">}</span> ``` ``` ![](https://img.kancloud.cn/61/a8/61a8730d33cffd402689368f9ec79fd2_791x582.png) 修改成 ![](https://img.kancloud.cn/0f/9a/0f9a7b8e65f18eb38305c9d547b0047c_438x88.png) 第二种就是访问台页面时判断coookie是否存在不存在则跳转到登录页面 ``` <pre class="calibre10">``` <span class="token5">if</span><span class="token3">(</span><span class="token4">isset</span><span class="token3">(</span>$_COOKIE<span class="token3">[</span><span class="token2">'admin_name'</span><span class="token3">]</span><span class="token3">)</span><span class="token3">)</span><span class="token3">{</span> $user<span class="token1">=</span>$_COOKIE<span class="token3">[</span><span class="token2">'admin_name'</span><span class="token3">]</span><span class="token3">)</span><span class="token3">;</span> <span class="token3">}</span><span class="token5">else</span><span class="token3">{</span> $user<span class="token1">=</span><span class="token5">null</span><span class="token3">;</span> <span class="token3">}</span> <span class="token5">if</span><span class="token3">(</span>$user<span class="token1">==</span><span class="token5">null</span><span class="token3">)</span><span class="token3">{</span> <span class="token4">header</span><span class="token3">(</span><span class="token2">"Location:../index.php"</span><span class="token3">)</span><span class="token3">;</span> exit<span class="token3">;</span> <span class="token3">}</span> ``` ``` 这个cookie时可以伪造的 具体做法是在访问后台页面时拦截请求,在后在头信息加上cookie:admin\_name=admin