Bit by bit analysis of php global variable vulnerabilities
register_globals is a control option in PHP that can be set to off or on. It determines whether EGPCS (Environment, GET, POST, Cookie, Server) variables are registered as global variables; the default is off.

If register_globals is turned on and the data submitted by the client contains the GLOBALS variable name, that data will overwrite the $GLOBALS variable on the server. So this code is a check: if the submitted data contains the GLOBALS variable name, the program is terminated.

The security issue this causes is known as PHP's "automatic global variable vulnerability". Be sure to turn off the register_globals option, and use $_GET, $_POST, $_COOKIE instead of $_REQUEST.

Discuz! Forum bypasses global variable defense vulnerability

Since the default value of request_order in php.ini for PHP 5.3.x is GP, the global variable defense can be bypassed in Discuz! 6.x/7.x. In include/global.func.php:
include/common.inc.php:
When register_globals=on, the above code can be bypassed by submitting the GLOBALS variable. Prevention methods provided in Discuz!:
The value of the $_REQUEST superglobal is affected by request_order in php.ini. In the latest PHP 5.3, the default value of request_order is GP; that is, under the default configuration, $_REQUEST contains only $_GET and $_POST but not $_COOKIE. A GLOBALS variable can therefore be submitted through a cookie without appearing in $_REQUEST.

Temporary solution: change the php.ini settings in PHP 5.3.x and set request_order to GPC.

This has been an introduction to the global variable loopholes in PHP and their temporary solutions. I hope it will be helpful to everyone.
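The following is an added example, not code from this page or from Discuz!: it contrasts a GLOBALS check that relies on $_REQUEST with one that inspects $_GET, $_POST and $_COOKIE directly, so the result no longer depends on request_order. The function names and the sample arrays are hypothetical and constructed for illustration.

```php
<?php
// Added example; has_globals_key_weak() and find_globals_key() are
// hypothetical names, not functions from Discuz! or PHP itself.

// Weak form: $_REQUEST is assembled according to request_order in php.ini.
// With request_order = "GP" it holds no cookie data, so a GLOBALS key that
// arrives in a cookie is invisible to this check.
function has_globals_key_weak(array $request): bool
{
    return array_key_exists('GLOBALS', $request);
}

// Hardened form: look at each client-controlled source on its own and
// report which one carried the reserved name (null when none did).
function find_globals_key(array $sources): ?string
{
    foreach ($sources as $name => $data) {
        if (is_array($data) && array_key_exists('GLOBALS', $data)) {
            return $name;
        }
    }
    return null;
}

// Constructed sample input: the arrays PHP would expose for a request that
// carries the GLOBALS name only in its cookies.
$get    = ['page' => '1'];
$post   = [];
$cookie = ['GLOBALS' => ['x' => '1']];

// What $_REQUEST looks like under request_order = "GP" (POST overrides GET,
// cookies are left out).
$request = array_merge($get, $post);

// The weak check misses the cookie-borne key; the hardened check names
// the source that carried it.
var_dump(has_globals_key_weak($request));
var_dump(find_globals_key(['GET' => $get, 'POST' => $post, 'COOKIE' => $cookie]));

// In a front controller the real superglobals would be passed instead:
// $hit = find_globals_key(['GET' => $_GET, 'POST' => $_POST, 'COOKIE' => $_COOKIE]);
// if ($hit !== null) {
//     header('HTTP/1.1 400 Bad Request');
//     exit('Request rejected');
// }
```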