Home  >  Article  >  Backend Development  >  Discussion: Vulnerabilities on the web, analysis of their principles, and prevention methods_PHP Tutorial

Discussion: Vulnerabilities on the web, analysis of their principles, and prevention methods_PHP Tutorial

WBOY
WBOYOriginal
2016-07-21 15:02:351014browse

The website provides an upload function, which is a function that many sites often have, such as shopping malls, forums, and some common network disk sites. Commonly seen on the Internet, we often hear that a certain site has an upload vulnerability, and a certain open source project has an upload vulnerability. Dynamic programs began to appear on the Internet, and vulnerabilities appear frequently in various systems like ghosts. Why does an online storage vulnerability appear so frequently? Moreover, some systems have been patched repeatedly but have not been successfully patched many times! In fact, the main problem still arises from the principle of storage. Let’s take a look first at the uploading process.
Analysis of the storage process on the website

Copy code The code is as follows:

header(" Content-type: text/html; charset=utf-8");
if($_FILES)
{
echo '
';<br> var_dump($_FILES);<br>echo '
';
}
?>

< ;input type="file" name="txt" size="50">



The above is a simple test example, let’s take a look

Let’s analyze it:
name comes from selecting the file name when saving.
type is the file type. Where does this type come from? Haha, this is very critical. Many times, many fans will think that this is generated automatically by the server. If you think so, I think it is possible. PHP encapsulates uploading, and it seems that it comes with its own class library. But, think about it on the other hand, no matter what format file you choose, there will be a format type. Thinking about it this way, we infer that this value may also come from user input. Let's capture the packet and see our type.

type value also comes from the user input value.
size comes from the program's calculation of the size of the saved file, which is automatically calculated. Compared to what we all know.

What do you mean by saying so much?
I think some friends have started to ask, what is the connection between the file format I analyzed above and the vulnerability in development. In fact, let's think about what was mentioned above, a file name name attribute, and a file type type attribute. It is often used when we store files on our server and process them on the backend. As a developer, when using these two variables, you must continue to implement the principle of "all code input is harmful". When you use it, treat it like other get and post variables. To detect, filter all input variables.
What we often do is to limit user input to a file in a certain format, and then save it in that format. The analysis has come to this point. There are many areas that need to be analyzed further. Today I will give an outline first. Next, we will analyze these three common types of vulnerabilities.
1. Use user file names to generate files, and the filtering of special characters is not strict, resulting in file generation vulnerabilities
2. When moving the file directory, due to the splicing of file names passed in by the user, Generate to the error directory
3. Believe that the user input type type, directly save the user file name as a file

www.bkjia.comtruehttp: //www.bkjia.com/PHPjc/327915.htmlTechArticleThe website provides an upload function, which is a function that many sites often have, including malls, forums and some common network disk sites. . On the Internet, we often hear that a certain site appears on...
Statement:
The content of this article is voluntarily contributed by netizens, and the copyright belongs to the original author. This site does not assume corresponding legal responsibility. If you find any content suspected of plagiarism or infringement, please contact admin@php.cn