Home > Article > Backend Development > PHP vulnerability countermeasures_PHP tutorial
PHP vulnerability countermeasures_PHP tutorial
- WBOYOriginal
- 2016-07-13 17:22:27881browse
In fact, from a programming perspective, there is no problem with PHP. The main issue is whether things written in PHP are safe.
The operation of PHP is completed by its language interpreter. In NT or It is PHP.EXE under WIN9X. PHP.EXE is an interpreter. Its function is to interpret files with the suffix .PHP or .PHP3 or .PHTML or other files, and to access the database, read and write files or execute them according to the programs defined inside. External command. And organize the execution result into STRING and return it to WEB SERVER and then send it to the browser as an HTML format file.
Knowing its working process, we can discuss its SECURITY issue. In the above file, we mentioned I have been to PHP.EXE and mentioned reading files and executing external commands. In fact, these are security risks. You can use PHP.EXE to read the contents of any file under MS-DOS because its own working mechanism is also It is to read the content of the file, interpret the explanation, and filter the filter. So we can use this feature to read any content of the file we want to read through the WEB. Of course, this is not that simple. This requires the cooperation of the WEB SERVER. This is something we will talk about later.
The second feature of PHP is to read the contents of files. Many CGI vulnerabilities are caused by this feature. A very simple program: Its task is When reading the contents of the variable $file, programmers may naively think when calling the program, I am reading file A http://shabi.com/index.php3?file=a.txt which does not impose strict restrictions on the variable FILE. , which leads to security problems. I think people with a little bit of security knowledge also know to modify A.TXT to:/etc/passwd or ../../../../../winnt/ under NT. repair/sam._
The third feature of PHP is to execute external commands, which are more common under UNIX: ls, echo, etc. In fact, this is the most likely to cause problems. Everyone knows that SHELL can be executed continuously. For commands, you can use the pipe character |: or ~. Here I will give you an idea for everyone to discuss with me. This is about WEB MAIL, and of course it is also related to WEB programming. Generally speaking, we need to register when applying for a MAIL. , when registering, most of them have restrictions on names, such as length, etc. However, the restrictions on passwords are not strict and the length is also larger. The MAIL program may need to call the SHELL command to add users, such as: ADD USER. , the parameters are username and password. add user lovehacker 1234567 What will happen if my password is: a|reboot? Hey, if it does not encrypt the password and the permissions of the added user are large enough, haha, it will be reset Start COMPUTER. Of course, if it needs to be encrypted, it will also work. For example, using MD5 or DES, we can write a program to make the encrypted STRING: rf -rm /*Of course this is just an idea, I haven’t practiced it yet:_) I’m too busy at work! Of course, through my above thoughts, you can also see how serious it is to execute SHELL commands without making strict judgments!