每次我将此图像查看器上传到我的网站时,我都会被黑客入侵,即每次上传此内容时,有人会破解我的网站任何更改密码。黑客总是上传php shell。但没有办法上传文件。
include "./config.php";
@ $db = mysql_pconnect($mysql['host'], $mysql['user'], $mysql['pass']) or die(mysql_error());
if ($_GET['id'])
{
$id = $_GET['id'];
}
else
{
header( 'Location: http://404.html' ) ;
exit;
}
$id = mysql_real_escape_string($id, $db);
//IT"S NOT WORKING!
if (!$db)
{
die("error");
}
mysql_select_db($mysql['db']) or die(mysql_error());
$query = "SELECT * FROM `images` WHERE id='" . $id . "'";
$result = mysql_query($query) or die(mysql_error());
if (!$result)
{
die("MySQL Select error");
}
$num_results = mysql_num_rows($result);
if ($num_results ==0)
{
header( 'Location: http:///404.html' );
exit;
}
else{
$row = mysql_fetch_array($result);
$downloads = $row['downloads'] + 1;
$lastuse = time();
$ss = mysql_query("select downloads from `images` where id='".$id."'") or die(mysql_error());
$rr = mysql_fetch_array($ss);
$query = "update `images` set downloads=downloads+1, lastuse='" . $lastuse . "' where id='".$id."'";
$result = mysql_query($query);
if (!$result)
{
die("MySQL update error");
}
//get current stats
$query = "SELECT * FROM `stat_cache` WHERE 1";
$result = mysql_query($query);
if (!$result)
{
die("MySQL Select error");
}
$stat = mysql_fetch_array($result);
//downloads update
$downloads = $stat['downloads'] + 1;
$query = "UPDATE `stat_cache` SET downloads='" . $downloads . "' WHERE 1";
$result = mysql_query($query);
if (!$result)
{
die("MySQL Update error");
}
}
//Lets create the image, now.
if(!file_exists('./images/' . $id)) {
header( 'Location: http:///404.html' ) ;
exit;
}
header('Content-type: image/jpeg');
$fp = fopen('./images/' . $id, 'r');
$contents = fread($fp, $maxfilesize);
fclose($fp);
echo $contents;
任何人都可以告诉我这里的安全问题在哪里?