SQL injection: HEAD injection

HEAD injection principle

HEAD injection, as the name suggests, means that when passing parameters we build our data into the HTTP headers.

HEAD injection usage scenarios

Why does a website record your IP or request headers? To make your second login more convenient, and to distinguish your login address and device so that it can adapt better. [~ So guests who are not logged in are generally not recorded; HEAD injection usually takes place at login or mail]

Superglobals

Many PHP predefined variables are "super-global", which means they are available in all scopes of a script.

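These superglobal variables are:
$_REQUEST (gets GET/POST/COOKIE); COOKIE can no longer be obtained this way in newer versions
$_POST  (gets POST parameters)
$_GET  (gets GET parameters)
$_COOKIE   (gets COOKIE values)
$_SERVER  (an array containing information such as headers, paths, and script locations)
$_SERVER is powerful.

Commonly used:
$_SERVER['HTTP_HOST']  the Host content of the request headers; gets the current domain name.
$_SERVER["HTTP_USER_AGENT"]  gets user-related information, including the user's browser, operating system and so on.
$_SERVER["REMOTE_ADDR"]  the IP of the user browsing the page.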
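
What the list above means for HEAD injection is that the HTTP_* entries of $_SERVER are copied from the request, so a site that logs them passes client-chosen text to the database. The following PHP is an added example, not code from the original post: it logs a constructed User-Agent into an in-memory SQLite table, first by string concatenation and then with a prepared statement. The `login_log` table and both function names are hypothetical.

```php
<?php
declare(strict_types=1);

// Constructed request data standing in for $_SERVER during a login request.
// HTTP_* entries are copied from client-sent headers, so the client chooses them.
$server = [
    'HTTP_USER_AGENT' => "Mozilla/5.0 (X11; Linux x86_64) O'Brien-Browser/1.0",
    'REMOTE_ADDR'     => '203.0.113.7',
];

// Hypothetical logging table, held in memory so the example runs offline.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE login_log (ip TEXT, user_agent TEXT)');

// Weak form: the header value becomes part of the statement text.
function logLoginConcatenated(PDO $pdo, array $server): void
{
    $sql = "INSERT INTO login_log (ip, user_agent) VALUES ('"
         . $server['REMOTE_ADDR'] . "', '" . $server['HTTP_USER_AGENT'] . "')";
    $pdo->exec($sql);
}

// Hardened form: the statement text is fixed and header values are bound.
function logLoginPrepared(PDO $pdo, array $server): void
{
    $ua = substr((string)($server['HTTP_USER_AGENT'] ?? ''), 0, 255); // cap stored length
    $ip = filter_var($server['REMOTE_ADDR'] ?? '', FILTER_VALIDATE_IP) ?: null;
    $stmt = $pdo->prepare('INSERT INTO login_log (ip, user_agent) VALUES (:ip, :ua)');
    $stmt->execute([':ip' => $ip, ':ua' => $ua]);
}

try {
    logLoginConcatenated($pdo, $server);
    echo "concatenated: stored\n";
} catch (PDOException $e) {
    // The apostrophe in the header ended the SQL string literal early.
    echo "concatenated: header text changed the SQL (", $e->getMessage(), ")\n";
}

logLoginPrepared($pdo, $server);
foreach ($pdo->query('SELECT ip, user_agent FROM login_log') as $row) {
    echo "prepared: {$row['ip']} | {$row['user_agent']}\n";
}
```

The same binding applies to any other $_SERVER['HTTP_*'] value a site stores, such as HTTP_HOST.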


Origin www.cnblogs.com/yanlzy/p/11938972.html