
Summary of Several PHP Vulnerabilities You Need to Pay Attention to_PHP Tutorial

WBOY (original), 2016-07-21 15:20:45

Several PHP loopholes to pay attention to
Several important php.ini options
Register Globals
In PHP >= 4.2.0 the register_globals option in php.ini defaults to Off. When register_globals is set to On, the script receives the server's environment variables, including the variables submitted by forms, as ordinary global variables; because PHP does not require variables to be initialised before use, this creates a serious security risk.
Example 1:

The code is as follows:

<?php
// ex1.php
// check_admin() checks the current user's permissions. If the user is admin it
// sets $is_admin to true; the script then tests that variable and, if it is true,
// performs some management operations.
if (check_admin())
{
    $is_admin = true;
}
if ($is_admin)
{
    do_something();
}
?>

This code does not initialise $is_admin to false in advance. If register_globals is On, submitting http://www.sectop.com/ex1.php?is_admin=true directly bypasses the check_admin() verification.
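The following is an added example, not code from the original article, showing the hardened form of ex1.php. It assumes a stub check_admin() that consults a server-side session array (the article's own check_admin() is not shown), and it applies the two defences that make the bypass above impossible: every state variable is initialised before use, and authorisation state is taken only from the session, never from request parameters. It also refuses to run when the interpreter still has register_globals enabled (the directive was removed in PHP 5.4, so ini_get() returns false on current releases).

```php
<?php
// Added example (not from the original article): hardened version of ex1.php.
// check_admin() is a stub assumed for this example so the file runs stand-alone.

declare(strict_types=1);

// Fail closed if the interpreter still has register_globals enabled.
// On PHP >= 5.4 the directive no longer exists and ini_get() returns false.
if (filter_var(ini_get('register_globals'), FILTER_VALIDATE_BOOLEAN)) {
    http_response_code(500);
    exit('register_globals is enabled; refusing to run');
}

// Stub standing in for the article's check_admin(): authorisation comes from
// the authenticated session, never from anything the client sent in the request.
function check_admin(array $session): bool
{
    return isset($session['role']) && $session['role'] === 'admin';
}

function do_something(): string
{
    return 'admin action performed';
}

/**
 * Decide whether an admin action may run. $session is the server-side session
 * array. $request (e.g. $_GET) is accepted only to make the point visible:
 * nothing in it is consulted, so an is_admin=true parameter changes nothing.
 */
function handle_admin_request(array $session, array $request): string
{
    // Always initialise. Without a default, a global injected through
    // register_globals (or a typo elsewhere) would silently decide the outcome.
    $is_admin = false;

    if (check_admin($session)) {
        $is_admin = true;
    }

    return $is_admin ? do_something() : 'forbidden';
}

// Constructed inputs mirroring the bypass attempt described above.
$attacker_request  = ['is_admin' => 'true']; // the ?is_admin=true query string
$anonymous_session = [];                      // visitor who never logged in
$admin_session     = ['role' => 'admin'];     // genuinely authenticated admin

echo handle_admin_request($anonymous_session, $attacker_request), PHP_EOL;
echo handle_admin_request($admin_session, $attacker_request), PHP_EOL;
```

The anonymous request is refused regardless of the is_admin parameter; only the session that check_admin() recognises reaches do_something(). Initialising $is_admin is what closes the hole even on an old interpreter with register_globals On, because the injected global is overwritten before it is ever read.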
Example 2:

The code is as follows:

<?php
// ex2.php
if (isset($_SESSION["username"]))
{
    do_something();
}
else
{
    echo "You are not logged in yet!";
}
?>

The code is as follows:

<?php
// ex1.php
$dir = $_GET["dir"];
if (isset($dir))
{
    echo "";
    system("ls -al ".$dir);
    echo "";
}
?>
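As an added example (not from the original article), the same directory-listing feature rewritten so that the dir parameter never reaches a shell. BASE_DIR is an assumed configuration value for this example. The listing is produced with scandir(), a PHP API call rather than a command line, after realpath() has resolved the request and a containment check has confirmed it stays inside BASE_DIR; escapeshellarg() is shown separately for the case where a shell command genuinely cannot be avoided.

```php
<?php
// Added example (not from the original article): listing a directory chosen
// by the client without building a shell command from the input.
// BASE_DIR is an assumed value for this example.

declare(strict_types=1);

const BASE_DIR = '/var/www/public_files';

/**
 * Resolve a user-supplied path relative to $baseDir and return its entries,
 * or null if the input is malformed, escapes the base directory or does not exist.
 * realpath() collapses "..", symlinks and duplicate separators before the check.
 */
function safe_listing(string $userDir, string $baseDir = BASE_DIR): ?array
{
    $base = realpath($baseDir);
    if ($base === false) {
        return null; // base directory itself is missing
    }
    // Conservative allowlist: rejects NUL bytes, whitespace and shell
    // metacharacters before the filesystem is touched at all.
    if (!preg_match('/^[A-Za-z0-9_.\/-]*$/', $userDir)) {
        return null;
    }
    $target = realpath($base . DIRECTORY_SEPARATOR . $userDir);
    if ($target === false || !is_dir($target)) {
        return null;
    }
    // Containment: the resolved path must be the base itself or lie beneath it.
    if ($target !== $base && strpos($target, $base . DIRECTORY_SEPARATOR) !== 0) {
        return null;
    }
    // scandir() is an API call, not a shell, so ";", "|", "`" and "$(...)"
    // in $userDir can never turn into commands.
    $entries = scandir($target);
    return $entries === false ? null : array_values(array_diff($entries, ['.', '..']));
}

/**
 * Only if a shell command is unavoidable: escapeshellarg() wraps the whole
 * argument in a single quoted token. Run the containment check above first;
 * quoting alone does not stop a request for a directory you did not mean to expose.
 */
function safe_ls_command(string $resolvedDir): string
{
    return 'ls -al ' . escapeshellarg($resolvedDir);
}

// Constructed inputs: a legitimate subdirectory, a traversal attempt, and an
// injection attempt of the kind the vulnerable ex1.php would hand to system().
foreach (['reports', '../../etc', 'x; id'] as $input) {
    $listing = safe_listing($input);
    printf("%-12s => %s\n", $input, $listing === null ? 'rejected' : implode(', ', $listing));
}
echo safe_ls_command(BASE_DIR . '/reports'), PHP_EOL;
```

The traversal input passes the character allowlist but fails the containment check after realpath() resolves it outside BASE_DIR; the injection input fails the allowlist outright. If BASE_DIR does not exist on the machine running the example, every request is rejected, which is the intended fail-closed behaviour.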

mixed eval(string code_str) // eval injection usually occurs when the attacker can control the input string

The code is as follows:

<?php
// ex2.php
$var = "var";
if (isset($_GET["arg"]))
{
    $arg = $_GET["arg"];
    eval("\$var = $arg;");
    echo "\$var = ".$var;
}
?>
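The following is an added example, not code from the original article, showing what ex2.php should have done instead of calling eval(): treat the arg parameter as data. The value is decoded with json_decode(), which parses literals but never executes code, and anything that is not a single scalar literal is rejected. The function names and the 256-byte size cap are choices made for this example.

```php
<?php
// Added example (not from the original article): ex2.php rewritten so that the
// "arg" parameter is parsed as a literal value instead of being executed by eval().

declare(strict_types=1);

/**
 * Accept only what the original script needed: one literal value to store in $var.
 * Numbers, booleans, null and quoted strings decode cleanly; a payload such as
 * phpinfo() is a JSON syntax error and is refused without ever being run.
 */
function parse_literal(string $arg): array
{
    // Size cap chosen for this example so an oversized payload is rejected early.
    if (strlen($arg) > 256) {
        return ['ok' => false, 'error' => 'argument too long'];
    }
    // Depth 1 permits scalars only; arrays and objects fail decoding or the is_array() test.
    $value = json_decode($arg, true, 1);
    if (json_last_error() !== JSON_ERROR_NONE || is_array($value)) {
        return ['ok' => false, 'error' => 'not a scalar literal'];
    }
    return ['ok' => true, 'value' => $value];
}

/**
 * The behaviour ex2.php actually wanted: assign the client's value to $var and
 * report it, with no code-evaluation step anywhere in between.
 */
function assign_from_request(array $get): string
{
    $var = 'var';
    if (!isset($get['arg']) || !is_string($get['arg'])) {
        return '$var = ' . $var;
    }
    $parsed = parse_literal($get['arg']);
    if (!$parsed['ok']) {
        return 'rejected: ' . $parsed['error'];
    }
    $var = $parsed['value'];
    return '$var = ' . var_export($var, true);
}

// Constructed requests: a number, a quoted string, and two payloads of the
// kind that eval("\$var = $arg;") would have executed as PHP.
foreach (['42', '"hello"', 'phpinfo()', 'system("id")'] as $arg) {
    echo assign_from_request(['arg' => $arg]), PHP_EOL;
}
```

The first two requests assign a value; the last two are rejected at the parsing stage. The general rule the example illustrates is that eval() should not appear in a request path at all: whenever the input is meant to be a value, parse it, and whenever it is meant to select behaviour, map it onto a fixed set of functions rather than concatenating it into source code.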
