实验目的
根据文章”PHP绕过open_basedir列目录的研究”通过测试不同的配置验证本文的绕过basedir的方法是否有效,从而安全配置php open_basedir的目的.
文中后面几个方法都是windwos下采用枚举的方式列出目录,linux下需要做暴力猜解的方式才可以,所以不做测试.
测试”DirectoryIterator + Glob”方式是否可以绕过open_basedir
测试webshell工具”菜刀”是否可以绕过open_basedir
nginx + PHP 5.6.7 fastcgi模式, centos7 linux
目前配置open_basedir有三处地方php-fpm.conf,nginx fastcgi_param,php.ini
下面逐一测试
只在php-fpm.conf中配置
php_admin_value[open_basedir]=/home/wwwroot/:/proc/:/tmp/
结果
open_basedir的目录以外不能读,不能写,不过DirectoryIterator + Glob 可以成功列出全盘文件
open_basedir : /home/wwwroot/:/proc/:/tmp/ -- DirectoryIterator + Glob --. .. .autorelabel bin boot dev etc home lib lib64 media mnt opt proc root run sbin srv sys tmp usr vagrant var
菜刀不可跨出basedir
只在nginx的fastcgi_param配置
# set php open_basedir fastcgi_param PHP_ADMIN_VALUE "open_basedir=$document_root/:/tmp/:/proc/";
这里的”$document_root”是nginx中的变量,为nginx的每个server里的root目录
比如server www.iamle.com配置的root目录为/home/wwwroot/www.iamle.com
认真读php手册有下面这段话
PHP配置值通过 php_value 或者 php_flag 设置,并且会覆盖以前的值。
请注意 disable_functions 或者 disable_classes 在 php.ini 之中定义的值不会被覆盖掉,但是会将新的设 置附加在原有值的后面。使用 php_admin_value 或者 php_admin_flag 定义的值,不能被 PHP代码中的 ini_set() 覆盖。自 5.3.3 起,也可以通过 web 服务器设置PHP 的设定。也就是nignx中fastcgi_param配置php的配置php_flag用来专门设置布尔值,如on, off, 1, 0, true, false, yes, no,而php_value用来设置所有类型的值结果和上面一样open_basedir的目录以外不能读,不能写,不过DirectoryIterator + Glob 可以成功列出全盘文件
菜刀不可跨出basedir
只在php.ini配置
[HOST=www.iamle.com]open_basedir=/home/wwwroot/www.iamle.com/:/proc/:/tmp/[PATH=/home/wwwroot/www.iamle.com/]open_basedir=/home/wwwroot/www.iamle.com/:/proc/:/tmp/
意思是当HOST=www.iamle.com设置open_basedir,当PATH=/home/wwwroot/www.iamle.com/
设置open_basedir,我测试的时候2个任意设置一个都是有效的
结果和上面一样
open_basedir的目录以外不能读,不能写,不过DirectoryIterator + Glob 可以成功列出全盘文件
菜刀不可跨出basedir
个人结论DirectoryIterator + Glob的方式可以列出php服务器上所有文件,看似没什么危害,实际上对于长期的APT绝对有帮助.
open_basedir不是想象的那么安全,说不定别人手上有甚至有能读写open_basedir的0day
个人推荐的nginx + php(fastcgi fpm-php)(lnmp) open_basedir的配置
先设置fpm-php中pool池中的总open_basedir这叫顶层设计,有个总限制,比如统一限制到/home/wwwroot/这样的web目录下再对nginx中单个server 通过 fastcgi_param PHP_ADMIN_VALUE 设置
再对php.ini设置 [HOST=XXX] [PATH=XXX]
三管齐下妈妈再也不用担心我的php open_basedir了(希望吧)
虽然很啰嗦,但是这样岂不是更放心
总而言之就是下面的结果,我就是下面这种啰嗦的配置
#在php-fpm.conf对应的pool池中行尾配置php_admin_value[open_basedir]=/home/wwwroot/:/proc/:/tmp/#在nginx fastcgi fastcgi_param配置#这里用$document_root是一种取巧的方法,也可以设置绝对路径# set php open_basedirfastcgi_param PHP_ADMIN_VALUE "open_basedir=$document_root/:/tmp/:/proc/";#在php.ini行尾配置[HOST=www.iamle.com]open_basedir=/home/wwwroot/www.iamle.com/:/proc/:/tmp/[PATH=/home/wwwroot/www.iamle.com/]open_basedir=/home/wwwroot/www.iamle.com/:/proc/:/tmp/
测试中还发现这三个地方配置的优先级如下
“php.ini” > “nginx fastcgi fastcgi_param” > “php-fpm.conf”
How do you modify data stored in a PHP session?Apr 27, 2025 am 12:23 AMTomodifydatainaPHPsession,startthesessionwithsession_start(),thenuse$_SESSIONtoset,modify,orremovevariables.1)Startthesession.2)Setormodifysessionvariablesusing$_SESSION.3)Removevariableswithunset().4)Clearallvariableswithsession_unset().5)Destroythe
Give an example of storing an array in a PHP session.Apr 27, 2025 am 12:20 AMArrays can be stored in PHP sessions. 1. Start the session and use session_start(). 2. Create an array and store it in $_SESSION. 3. Retrieve the array through $_SESSION. 4. Optimize session data to improve performance.
How does garbage collection work for PHP sessions?Apr 27, 2025 am 12:19 AMPHP session garbage collection is triggered through a probability mechanism to clean up expired session data. 1) Set the trigger probability and session life cycle in the configuration file; 2) You can use cron tasks to optimize high-load applications; 3) You need to balance the garbage collection frequency and performance to avoid data loss.
How can you trace session activity in PHP?Apr 27, 2025 am 12:10 AMTracking user session activities in PHP is implemented through session management. 1) Use session_start() to start the session. 2) Store and access data through the $_SESSION array. 3) Call session_destroy() to end the session. Session tracking is used for user behavior analysis, security monitoring, and performance optimization.
How can you use a database to store PHP session data?Apr 27, 2025 am 12:02 AMUsing databases to store PHP session data can improve performance and scalability. 1) Configure MySQL to store session data: Set up the session processor in php.ini or PHP code. 2) Implement custom session processor: define open, close, read, write and other functions to interact with the database. 3) Optimization and best practices: Use indexing, caching, data compression and distributed storage to improve performance.
Explain the concept of a PHP session in simple terms.Apr 26, 2025 am 12:09 AMPHPsessionstrackuserdataacrossmultiplepagerequestsusingauniqueIDstoredinacookie.Here'showtomanagethemeffectively:1)Startasessionwithsession_start()andstoredatain$_SESSION.2)RegeneratethesessionIDafterloginwithsession_regenerate_id(true)topreventsessi
How do you loop through all the values stored in a PHP session?Apr 26, 2025 am 12:06 AMIn PHP, iterating through session data can be achieved through the following steps: 1. Start the session using session_start(). 2. Iterate through foreach loop through all key-value pairs in the $_SESSION array. 3. When processing complex data structures, use is_array() or is_object() functions and use print_r() to output detailed information. 4. When optimizing traversal, paging can be used to avoid processing large amounts of data at one time. This will help you manage and use PHP session data more efficiently in your actual project.
Explain how to use sessions for user authentication.Apr 26, 2025 am 12:04 AMThe session realizes user authentication through the server-side state management mechanism. 1) Session creation and generation of unique IDs, 2) IDs are passed through cookies, 3) Server stores and accesses session data through IDs, 4) User authentication and status management are realized, improving application security and user experience.
Hot AI Tools
Undresser.AI Undress
AI-powered app for creating realistic nude photos
AI Clothes Remover
Online AI tool for removing clothes from photos.
Undress AI Tool
Undress images for free
Clothoff.io
AI clothes remover
Video Face Swap
Swap faces in any video effortlessly with our completely free AI face swap tool!
Hot Article
Hot Tools
PhpStorm Mac version
The latest (2018.2.1) professional PHP integrated development tool
mPDF
mPDF is a PHP library that can generate PDF files from UTF-8 encoded HTML. The original author, Ian Back, wrote mPDF to output PDF files "on the fly" from his website and handle different languages. It is slower than original scripts like HTML2FPDF and produces larger files when using Unicode fonts, but supports CSS styles etc. and has a lot of enhancements. Supports almost all languages, including RTL (Arabic and Hebrew) and CJK (Chinese, Japanese and Korean). Supports nested block-level elements (such as P, DIV),
MinGW - Minimalist GNU for Windows
This project is in the process of being migrated to osdn.net/projects/mingw, you can continue to follow us there. MinGW: A native Windows port of the GNU Compiler Collection (GCC), freely distributable import libraries and header files for building native Windows applications; includes extensions to the MSVC runtime to support C99 functionality. All MinGW software can run on 64-bit Windows platforms.
MantisBT
Mantis is an easy-to-deploy web-based defect tracking tool designed to aid in product defect tracking. It requires PHP, MySQL and a web server. Check out our demo and hosting services.
EditPlus Chinese cracked version
Small size, syntax highlighting, does not support code prompt function
