Article Topic Learning Download Q&A Programming Dictionary Game Recent Updates

简体中文(ZH-CN) English(EN) 繁体中文(ZH-TW) 日本語(JA) 한국어(KO) Melayu(MS) Français(FR) Deutsch(DE)

Home > Backend Development > PHP Tutorial > body text

[转]高级PHP应用程序破绽审核技术

WBOY

Release： 2016-06-13 13:06:02

Original

831 people have browsed it

[转]高级PHP应用程序漏洞审核技术

原文地址：http://code.google.com/p/pasc2at/wiki/SimplifiedChinese

?

高级PHP应用程序漏洞审核技术

高级PHP应用程序漏洞审核技术
- 前言
- 传统的代码审计技术
- PHP版本与应用代码审计
- 其他的因素与应用代码审计
- 扩展我们的字典
  - 变量本身的key
  - 变量覆盖
    - 遍历初始化变量
    - parse_str()变量覆盖漏洞
    - import_request_variables()变量覆盖漏洞
    - PHP5 Globals
  - magic_quotes_gpc与代码安全
    - 什么是magic_quotes_gpc
    - 哪些地方没有魔术引号的保护
    - 变量的编码与解码
    - 二次攻击
    - 魔术引号带来的新的安全问题
    - 变量key与魔术引号
  - 代码注射
    - PHP中可能导致代码注射的函数
    - 变量函数与双引号
  - PHP自身函数漏洞及缺陷
    - PHP函数的溢出漏洞
    - PHP函数的其他漏洞
    - session_destroy()删除文件漏洞
    - 随机函数
  - 特殊字符
    - 截断
      - include截断
      - 数据截断
      - 文件操作里的特殊字符
- 怎么进一步寻找新的字典
- DEMO
- 后话
- 附录

Related labels：

magic php quotes variables

source：php.cn

Previous article： phper初学objective-c之读书笔记（1） Next article： phprpc例证

Statement of this Website

The content of this article is voluntarily contributed by netizens, and the copyright belongs to the original author. This site does not assume corresponding legal responsibility. If you find any content suspected of plagiarism or infringement, please contact admin@php.cn

Latest Articles by Author

What is a NullPointerException, and how do I fix it?

2024-10-22 09:46:29
From Novice to Coder: Your Journey Begins with C Fundamentals

2024-10-13 13:53:41
Unlocking Web Development with PHP: A Beginner's Guide

2024-10-12 12:15:51
Demystifying C: A Clear and Simple Path for New Programmers

2024-10-11 22:47:31
Unlock Your Coding Potential: C Programming for Absolute Beginners

2024-10-11 19:36:51
Unleash Your Inner Programmer: C for Absolute Beginners

2024-10-11 15:50:41
Automate Your Life with C: Scripts and Tools for Beginners

2024-10-11 15:07:41
PHP Made Easy: Your First Steps in Web Development

2024-10-11 14:21:21
Build Anything with Python: A Beginner's Guide to Unleashing Your Creativity

2024-10-11 12:59:11
The Key to Coding: Unlocking the Power of Python for Beginners

2024-10-11 12:17:31

Latest Issues

PHP arrays obtained from URL parameters do not behave as expected I have a URL parameter that contains the category ID and I want to treat it as an array li...

From 2024-04-06 22:09:02

0

1

1428

Where should I place CustomLog directive in apache I'm using php:7.2-apachedocker. I need to disable health check url login access log. Based...

From 2024-04-06 22:03:59

0

1

990

What is the format of the variables in the return value? I am a new learner of php. I found a piece of code: if($x<time()){return[false,'error']...

From 2024-04-06 21:55:20

0

1

778

Problems encountered when using opentbs to generate odt files: values of the same key are displayed in the same row instead of separate columns. I'm using a library called OpenTbs to create odt using PHP, I'm using it because columns a...

From 2024-04-06 20:18:18

0

1

483

Group MySQL results by ID for looping over I have a table with flight data in mysql. I'm writing a php code that will group and displ...

From 2024-04-06 17:27:56

0

1

406

Related Topics

More>

Popular Recommendations

Popular Tutorials

More>

Related Tutorials

Popular Recommendations

Latest courses

Latest Downloads

More>

Web Effects

Website Source Code

Website Materials

Front End Template

About us Disclaimer Sitemap: php.cn：Public welfare online PHP training，Help PHP learners grow quickly！