PHP default installation creates system vulnerabilities

Home

Backend Development

PHP Tutorial

PHP default installation creates system vulnerabilities_PHP tutorial

WBOYWBOYWBOYWBOYWBOYWBOYWBOYWBOYWBOYWBOYWBOYWBOYWB

Jul 21, 2016 pm 04:08 PM

phpChinesepublishexistitInstallloopholessystemdefault

This vulnerability was published in packetstorm. I translated it into Chinese and added some comments of my own. I hope it will be helpful to friends who run
PHP on NT.

After you download PHP, the installation file contained in it helps to install PHP on NT + Apache Web Server
. The installation help will ask you to add the following lines of settings Go to apache's httpd.conf settings file, and this installation file will guide you to open your system portal.

These lines of commands are:

ScriptAlias /php/ "c:/php/"
AddType application/x-httpd-php .php
Action application/x- httpd-php "/php/php.exe"

We further explain these three lines of settings. These setting commands require Apache to map the /php/ virtual directory directly to the c:/php/
directory. , so when you use:

"http://www.example.com/php/"

to link to a web page, the Web Server actually accesses c:/ directly. php/ directory, then you will see the error message "Access Denied"
, but when you use:

"http://www.example.com/php/php.exe When you use the "

command to connect, you will find that the server sends back the line "No input file specified.". This line is sent back by php.exe
, indicating that you have just connected. The php executable file is executed on this server.

If your server is set up using the installation method taught to you in php, you may have the following crisis at this time.

[** Vulnerability 1 **]

We can use this vulnerability to read any file on this server, even across disks, as long as we use the following method to connect:

"http://www.example.com/php/php.exe?c:winntrepairsam"

PHP will throw the file "c:winntrepairsam" to the browser and send it is displayed, and this file is where Windows NT
saves passwords,

"http://www.example.com/php/php.exe?d:winntrepairsam"

PHP will transfer the same files in the D: disk.
With this SAM file, hackers can use it to crack the password you set on this machine.

[** Vulnerability 2 **]

If you specify a file in the php directory, your web server will try to execute the file and pass an error message, so when you
Used:

"http://www.example.com/php/php4ts.dll"

This error will cause the Web Server to return "couldnt create child process: 22693: C:/php/php4ts.dll"
This information, thus leaking the real directory where you installed PHP

PS. After my testing, the second vulnerability is in PHP V4 When executed on .11, an "Internal Server Error" error will be returned.
does not leak the directory structure, but in PHP V4.11, the first vulnerability is still valid.

Simple solution: Use a long and difficult-to-determine virtual directory to place the PHP executable file, such as:

ScriptAlias /php-mY-sCrIpT/ "c:/php411/"
AddType application/x-httpd-php .php
Action application/x-httpd-php "/php-mY-sCrIpT/php.exe"

This way it will be difficult for intruders to know where PHP is stored directory, thereby reducing the chance of being hacked.
Remember to restart Apache Service after changing httpd.conf∶

NET STOP APACHE
NET START APACHE

[END]

Statement

The content of this article is voluntarily contributed by netizens, and the copyright belongs to the original author. This site does not assume corresponding legal responsibility. If you find any content suspected of plagiarism or infringement, please contact admin@php.cn

Optimize PHP Code: Reducing Memory Usage & Execution TimeMay 10, 2025 am 12:04 AM

TooptimizePHPcodeforreducedmemoryusageandexecutiontime,followthesesteps:1)Usereferencesinsteadofcopyinglargedatastructurestoreducememoryconsumption.2)LeveragePHP'sbuilt-infunctionslikearray_mapforfasterexecution.3)Implementcachingmechanisms,suchasAPC

PHP Email: Step-by-Step Sending GuideMay 09, 2025 am 12:14 AM

PHPisusedforsendingemailsduetoitsintegrationwithservermailservicesandexternalSMTPproviders,automatingnotificationsandmarketingcampaigns.1)SetupyourPHPenvironmentwithawebserverandPHP,ensuringthemailfunctionisenabled.2)UseabasicscriptwithPHP'smailfunct

How to Send Email via PHP: Examples & CodeMay 09, 2025 am 12:13 AM

The best way to send emails is to use the PHPMailer library. 1) Using the mail() function is simple but unreliable, which may cause emails to enter spam or cannot be delivered. 2) PHPMailer provides better control and reliability, and supports HTML mail, attachments and SMTP authentication. 3) Make sure SMTP settings are configured correctly and encryption (such as STARTTLS or SSL/TLS) is used to enhance security. 4) For large amounts of emails, consider using a mail queue system to optimize performance.

Advanced PHP Email: Custom Headers & FeaturesMay 09, 2025 am 12:13 AM

CustomheadersandadvancedfeaturesinPHPemailenhancefunctionalityandreliability.1)Customheadersaddmetadatafortrackingandcategorization.2)HTMLemailsallowformattingandinteractivity.3)AttachmentscanbesentusinglibrarieslikePHPMailer.4)SMTPauthenticationimpr

Guide to Sending Emails with PHP & SMTPMay 09, 2025 am 12:06 AM

Sending mail using PHP and SMTP can be achieved through the PHPMailer library. 1) Install and configure PHPMailer, 2) Set SMTP server details, 3) Define the email content, 4) Send emails and handle errors. Use this method to ensure the reliability and security of emails.

What is the best way to send an email using PHP?May 08, 2025 am 12:21 AM

ThebestapproachforsendingemailsinPHPisusingthePHPMailerlibraryduetoitsreliability,featurerichness,andeaseofuse.PHPMailersupportsSMTP,providesdetailederrorhandling,allowssendingHTMLandplaintextemails,supportsattachments,andenhancessecurity.Foroptimalu

Best Practices for Dependency Injection in PHPMay 08, 2025 am 12:21 AM

The reason for using Dependency Injection (DI) is that it promotes loose coupling, testability, and maintainability of the code. 1) Use constructor to inject dependencies, 2) Avoid using service locators, 3) Use dependency injection containers to manage dependencies, 4) Improve testability through injecting dependencies, 5) Avoid over-injection dependencies, 6) Consider the impact of DI on performance.

PHP performance tuning tips and tricksMay 08, 2025 am 12:20 AM

PHPperformancetuningiscrucialbecauseitenhancesspeedandefficiency,whicharevitalforwebapplications.1)CachingwithAPCureducesdatabaseloadandimprovesresponsetimes.2)Optimizingdatabasequeriesbyselectingnecessarycolumnsandusingindexingspeedsupdataretrieval.

See all articles

Hot AI Tools

Undresser.AI Undress

AI-powered app for creating realistic nude photos

AI Clothes Remover

Online AI tool for removing clothes from photos.

Undress AI Tool

Undress images for free

Clothoff.io

AI clothes remover

Video Face Swap

Swap faces in any video effortlessly with our completely free AI face swap tool!

Hot Article

Roblox: Grow A Garden - Complete Mutation Guide

3 weeks agoByDDD

Roblox: Bubble Gum Simulator Infinity - How To Get And Use Royal Keys

3 weeks agoBy尊渡假赌尊渡假赌尊渡假赌

How to fix KB5055612 fails to install in Windows 10?

3 weeks agoByDDD

Blue Prince: How To Get To The Basement

1 months agoByDDD

Nordhold: Fusion System, Explained

3 weeks agoBy尊渡假赌尊渡假赌尊渡假赌

Hot Tools

Zend Studio 13.0.1

Powerful PHP integrated development environment

DVWA

Damn Vulnerable Web App (DVWA) is a PHP/MySQL web application that is very vulnerable. Its main goals are to be an aid for security professionals to test their skills and tools in a legal environment, to help web developers better understand the process of securing web applications, and to help teachers/students teach/learn in a classroom environment Web application security. The goal of DVWA is to practice some of the most common web vulnerabilities through a simple and straightforward interface, with varying degrees of difficulty. Please note that this software