Example analysis of Y2K38 vulnerability solutions in php, y2k38 example analysis_PHP tutorial

Example analysis of Y2K38 vulnerability solutions in php, y2k38 example analysis

This article analyzes the solution to the Y2K38 vulnerability in PHP with examples. Share it with everyone for your reference. The specific analysis is as follows:

Y2K38, also known as Unix Millennium Bug, this vulnerability will affect PHP and other programming languages ​​​​that use UNIX timestamp integers to record time under all 32-bit systems.

The maximum time that an integer variable can be saved is January 19, 2038 03:14:07. After this time is exceeded, the integer value will overflow.

Starting from January 1, 1970, to Tuesday, January 19, 2038 at 03:14:07 UTC, it exceeded 2^31 – 1. 2^31 – 1 is 0x7FFFFFFF. I believe many programmers have seen it. , on a 32-bit system, this represents the largest signed integer. If expressed in seconds, it is roughly equivalent to 68.1 years, which is exactly the number from 1970 to 2038.

Dates displayed after January 19, 2038 03:14:07 under 32-bit systems will overflow.

<&#63;php
$date = '2040-01-01 12:00:00';
echo strtotime($date);           // 空 溢出
echo date('Y-m-d H:i:s', strtotime($date)); // 1970-01-01 00:00:00
&#63;>

So will 64-bit systems be affected?

Theoretically no, it is strongly recommended to test it. The furthest date that can be saved under a 64-bit system is 21 times the current age of the universe ~ 29.2 billion years.

On 32-bit machines, you can use the DateTime class to solve this problem. (PHP5.2 began to introduce this class, and expanded some methods in version 5.3)

The code is as follows:

<&#63;php
$date = '2040-01-01 12:00:00';
$dt = new DateTime($date);
echo $dt->format('U');      // 2209032000
echo $dt->format('Y-m-d H:i:s'); // 2040-01-01 12:00:00 
&#63;>

I hope this article will be helpful to everyone’s learning of PHP programming.

The website is not developed using PHP, why can there be PHP vulnerabilities in the vulnerability scan?

It’s hard to say without a specific vulnerability description
1. Your network is not developed by PHP, but it has permission to run PHP programs, so there is a PHP vulnerability prompt.
2. Universal technical vulnerabilities can exist in any language. The scanned image is convenient and can be directly said to be a PHP vulnerability.
3. The response to the A language request is normal, but the response to the PHP request is abnormal, which is a hit type and can be ignored.
4. I really can’t think of a possible name for the vulnerability, it’s called “php vulnerability”

PHP website vulnerability scanning tool, free

eesafe Website Security Alliance free website vulnerability scanning and Trojan detection

http://www.bkjia.com/PHPjc/882913.htmlwww.bkjia.comtruehttp: //www.bkjia.com/PHPjc/882913.htmlTechArticleExample analysis of Y2K38 vulnerability solutions in php, y2k38 example analysis This article provides an example analysis of solutions to the Y2K38 vulnerability in php . Share it with everyone for your reference. The specific analysis is as follows: Y2K3...