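如果是基于session或者cookie做防止刷新,那么,我可以伪造状态,用xmlhttp把服务器刷爆 代码如下,服务器端的代码在最后一个textarea里。 31号 杨杰晰
<?php
// Server-side half of the "refresh blocking" demo described above.
//
// The page's own point stands: the "posted" flag lives in the session and the
// counter lives in a cookie, i.e. in state the *client* presents. A client that
// simply drops its session cookie and its currNum cookie on every request is
// never "posted" and is never blocked, so this is not a rate limit. Nothing
// below changes that design -- it cannot be fixed on this page -- but the input
// handling is tightened so the demo itself is not an attack surface:
//   * currNum (a cookie) is only accepted as a plain decimal string before it is
//     used to build a file name. The original passed it straight into
//     fopen("d:/tmp/".$num.".txt"), a path-traversal sink.
//   * `$$key = $v` over $_POST is gone: it let any POST field overwrite $num,
//     $str, $fp, $expires ... before they were used.
//   * Everything echoed back (POST values and $_SERVER) is HTML-escaped; the
//     original reflected them raw inside <pre> (XSS via User-Agent, query
//     string, POST body).
//   * $str and $_SESSION['posted'] are initialised instead of relying on
//     undefined-variable notices, and fopen's return value is checked.
//   * The incremented cookie now carries the same one-year expiry as the
//     first one; the original re-set it as a session cookie.
// Note: echoing $_SERVER discloses server paths and config. Acceptable for a
// throwaway demo, not for anything reachable from the internet.
require_once('echo.php');
session_start();

// Second request on the same session is refused (the "anti-refresh" check).
// Loose == kept: the flag may have been stored as int or string by older code.
if (isset($_SESSION['posted']) && $_SESSION['posted'] == 1) {
    echo "error";
    exit;
}

// Per-browser counter kept in a cookie; it also names the dump file below.
$expires = time() + 60 * 60 * 24 * 365;
if (!isset($_COOKIE['currNum'])) {
    $num = 1;
    setcookie('currNum', $num, $expires);
    echo "cookie没有设置\n";
} else {
    // Only a plain decimal string is trusted, because it becomes part of a
    // file path. Anything else (e.g. "../x") is rejected outright.
    $raw = $_COOKIE['currNum'];
    if (!is_string($raw) || !ctype_digit($raw)) {
        echo "error";
        exit;
    }
    $num = (int) $raw + 1;
    setcookie('currNum', $num, $expires);
    echo $num;
}
?>
<style type="text/css"> *{font:12px verdana;} </style>
<pre>
<?php
// Dump the POST body and the request environment back to the caller.
// No variable variables here: POST keys must never become PHP variables.
$str = '';
foreach ($_POST as $key => $v) {
    $str .= $v . "\r\n";
}
foreach ($_SERVER as $k => $v) {
    $str .= $k . "=" . $v . "\n";
}
// Escape before echoing: both sources are attacker-controlled text.
echo htmlspecialchars($str, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');

// Touch (but, as in the original, do not fill) d:/tmp/<num>.txt.
// $num is an int by this point, so the path cannot escape d:/tmp.
$fp = fopen("d:/tmp/" . $num . ".txt", "wb");
if ($fp !== false) {
    //fwrite($fp,$str);
    fclose($fp);
}
$_SESSION['posted'] = 1;
?>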