本文共 1177 字，大约阅读时间需要 3 分钟。

本文翻译自：

Our (PHP) framework sometimes renders hidden inputs with value YTowOnt9 . 我们的（PHP）框架有时会渲染值为YTowOnt9隐藏输入。 I can't find that string anywhere in the (huge) codebase, and can't figure out where it came from. 我无法在（巨大的）代码库中的任何地方找到该字符串，并且无法弄清楚它来自何处。 I decided to Google for that particular string, and the surprised me. 我决定使用Google来获取该特定字符串， 让我感到惊讶。 Over half a million - kind of random - hits. 超过五十万 - 随机 - 点击。 I haven't found any page describing the value itself. 我还没有找到任何描述价值本身的页面。 It has 0 hits on Stack Overflow. 它在Stack Overflow上有0次点击。

Is YTowOnt9 some kind of magic string? YTowOnt9是某种神奇的字符串吗？

#1楼

参考：

#2楼

It seems to be a -serialized empty array, base 64 encoded. 它似乎是一个序列化的空数组，基数为64。

$ base64 -D <<< 'YTowOnt9'a:0:{}$ php -r 'var_dump(unserialize(base64_decode("YTowOnt9")));'array(0) {}

There are many scripts that serialize arrays of data. 有许多脚本可以序列化数据数组。 When the arrays have data, they vary greatly, so the encoded PHP-serialized values do too, but when they are empty they are all the same. 当数组有数据时，它们变化很大，因此编码的PHP序列化值也会这样做，但是当它们为空时它们都是相同的。 It makes it look as if a lot of very different PHP scripts have this random string in common. 它使得看起来很多非常不同的PHP脚本都有这个随机字符串。

转载地址：http://tzjnb.baihongyu.com/