PHP Security-Remote File Risk-PHP Tutorial-php.cn

Home

Backend Development

PHP Tutorial

PHP Security-Remote File Risk

黄舟

Feb 21, 2017 am 09:14 AM

Remote file risk

PHP has a configuration option called allow_url_fopen, which is enabled by default. It allows you to point to many types of resources and treat them like local files. For example, you can get the content (HTML) of a page by reading the URL:

<?php
 
  $contents =
file_get_contents(&#39;http://example.org/&#39;);
 
  ?>

As discussed in Chapter 5, serious vulnerabilities can arise when tainted data is used to point to files in include and require. In fact, I consider this vulnerability to be one of the most dangerous in PHP applications because it allows an attacker to execute arbitrary code.

Although slightly less severe, a similar vulnerability can result from using tainted data in a standard file system function:

 <?php
 
  $contents =
file_get_contents($_GET[&#39;filename&#39;]);
 
  ?>

## This example enables the user to manipulate file_get_contents( ) behavior so that it obtains the contents of the remote resource. Consider a request similar to the following:

http://www.php.cn/ ... mple.org%2Fxss.html

This leads to a situation where the value of $content is tainted. Since this value is obtained indirectly, this fact is likely to be ignored. This is why the defense-in-depth principle treats the file system as a remote data source and the value of $content as input, so your filtering mechanism can potentially turn things around.

Because the $content value is contaminated , it can lead to a variety of security vulnerabilities, including cross-site scripting vulnerabilities and SQL injection vulnerabilities. For example, here is an example of a cross-site scripting vulnerability:

  <?php
 
  $contents =
file_get_contents($_GET[&#39;filename&#39;]);
 
  echo $contents;
 
  ?>

# # The solution is to never point to a filename with tainted data. Always filter input and make sure the data is filtered before it points to a filename:

  <?php
 
  $clean = array();
 
  /* Filter Input ($_GET[&#39;filename&#39;]) */
 
  $contents =
file_get_contents($clean[&#39;filename&#39;]);
 
  ?>

Although there is no guarantee that the data in $content is completely flawless, this gives a reasonable guarantee that the file you are reading is exactly the file you intended to read, and not one specified by the attacker. To enhance the security of this process, you also need to treat $content as input and filter it before use.

<?php
 
  $clean = array();
  $html = array();
 
  /* Filter Input ($_GET[&#39;filename&#39;]) */
 
  $contents =
file_get_contents($clean[&#39;filename&#39;]);
 
  /* Filter Input ($contents) */
 
  $html[&#39;contents&#39;] =
htmlentities($clean[&#39;contents&#39;], ENT_QUOTES, &#39;UTF-8&#39;);
 
  echo $html[&#39;contents&#39;];
 
  ?>

## The above process provides a powerful method to prevent various attacks, and is recommended for use in actual programming.

The above is the content of PHP security-remote file risks. For more related content, please pay attention to the PHP Chinese website (www.php.cn)!

Statement

The content of this article is voluntarily contributed by netizens, and the copyright belongs to the original author. This site does not assume corresponding legal responsibility. If you find any content suspected of plagiarism or infringement, please contact admin@php.cn

What is the difference between the unset() and unlink() functions ?Apr 30, 2025 pm 03:33 PM

The article discusses the differences between unset() and unlink() functions in programming, focusing on their purposes and use cases. Unset() removes variables from memory, while unlink() deletes files from the filesystem. Both are crucial for effec

What are Traits in PHP ?Apr 30, 2025 pm 03:31 PM

PHP traits enable code reuse in single inheritance contexts, offering benefits like reusability and simplified inheritance. They can be effectively combined with traditional inheritance to enhance class flexibility and modularity.

Is PHP supports multiple inheritance ?Apr 30, 2025 pm 03:30 PM

PHP does not support multiple inheritance but uses interfaces and traits as alternatives to achieve similar functionality, avoiding issues like the diamond problem.

What is inheritance in PHP ?Apr 30, 2025 pm 03:29 PM

Inheritance in PHP allows classes to inherit properties and methods, promoting code reuse and hierarchical organization. Key benefits include reusability, abstraction, and polymorphism. Common mistakes to avoid are overuse of inheritance and ignoring

What are the main error types, and how do they differ?Apr 30, 2025 pm 03:28 PM

The article discusses three main error types in programming: syntax, runtime, and logical errors. It explains their causes, prevention strategies, impacts on performance and user experience, and methods for diagnosis and resolution.

How can PHP and HTML interact?Apr 30, 2025 pm 03:27 PM

Article discusses PHP and HTML interaction, best practices for embedding PHP in HTML, dynamic HTML content generation, and recommended development tools.

What is the difference between for and foreach loop in PHP?Apr 30, 2025 pm 03:26 PM

The article discusses the differences between for and foreach loops in PHP, focusing on syntax, usage, control, and performance. Foreach is preferred for array iteration due to simplicity and efficiency, but for loops are better for index-based opera

Explain the importance of Parser in PHP.for eachApr 30, 2025 pm 03:25 PM

The article discusses the crucial role of the PHP parser in script execution, focusing on its tasks in syntax analysis, error handling, and code optimization, and how its efficiency impacts web application performance.

See all articles