
Detailed explanation of PHP vulnerabilities

WBOY
Release: 2016-07-13 17:43:19

Several important php.ini options

Register Globals

Since PHP 4.2.0 the default value of register_globals in php.ini is Off (the option was deprecated in 5.3 and removed in 5.4). When register_globals is On, PHP registers request data (GET and POST parameters, cookies, and server and environment variables, including every field submitted by a form) as ordinary global variables. Because PHP does not require a variable to be initialized before it is read, an attacker can supply the initial value of any variable the script forgets to set, which is a serious security risk.

Example 1:

// check_admin() checks the current user's permissions. If the user is an administrator, $is_admin is set to true; the script then tests that variable and performs management operations.

 //ex1.php
 <?php
 if (check_admin())
 {
     $is_admin = true;
 }
 if ($is_admin)
 {
     do_something();
 }
 ?>

This code never initializes $is_admin to false before using it. With register_globals On, a request for http://www.sectop.com/ex1.php?is_admin=true registers a global $is_admin holding the string "true", which is truthy, so the `if ($is_admin)` test passes and check_admin() is bypassed entirely.
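The following is an added example, not code from the original tutorial. It shows ex1.php rewritten so that a pre-populated global cannot influence the decision, and reproduces the register_globals effect with extract($_GET) so the difference can be seen on any modern PHP (register_globals itself no longer exists). check_admin() and do_something() are stand-ins, since the tutorial never defines them; the session key name is an assumption.

```php
<?php
// Added example; not part of the original ex1.php. check_admin() is a stand-in,
// since the tutorial never defines it.
declare(strict_types=1);

// Old PHP (< 5.4) only: refuse to run with register_globals on. On PHP >= 5.4
// the setting no longer exists and ini_get() returns false, so this is a no-op.
if (ini_get('register_globals')) {
    http_response_code(500);
    exit("register_globals must be Off\n");
}

function check_admin(): bool
{
    // Stand-in: the session is the only source of truth for the role (assumed key name).
    return isset($_SESSION['role']) && $_SESSION['role'] === 'admin';
}

function do_something(): void
{
    echo "admin action performed\n";
}

/**
 * The original bug, fixed. The flag is assigned before it is read, and the
 * decision lives in function scope, so nothing that pre-populated the global
 * scope (register_globals, extract($_GET), parse_str() into globals) is visible.
 */
function is_admin_fixed(): bool
{
    $is_admin = false;          // fix 1: initialize before use
    if (check_admin()) {
        $is_admin = true;
    }
    return $is_admin === true;  // fix 2: strict comparison; the string "true" is not bool true
}

// Demo: simulate what register_globals did by dumping the query string into
// the global scope, then compare the original test with the fixed one.
$_GET['is_admin'] = 'true';               // constructed input: ?is_admin=true
extract($_GET);                            // never do this in real code; it IS register_globals
var_dump(isset($is_admin) && $is_admin);   // bool(true): the original `if ($is_admin)` passes
var_dump(is_admin_fixed());                // bool(false): no admin session, so no access

if (is_admin_fixed()) {
    do_something();
}
```

The same mistake survives register_globals: extract($_REQUEST) and parse_str($qs) without a result array (before PHP 8.0, where the second argument became mandatory) both register request data as variables, so "initialize every variable before you read it" remains the rule.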

Example 2:

 //ex2.php: gates do_something() on a session variable
 <?php
 if (isset($_SESSION["username"]))
 {
     do_something();
 }
 else
 {
     echo "You are not logged in yet!";
 }
 ?>

 //ex1.php
 <?php
 // $dir is taken straight from the query string and concatenated into a shell command
 $dir = $_GET["dir"];
 if (isset($dir))
 {
     echo "<pre>";
     system("ls -al ".$dir);
     echo "</pre>";
 }
 ?>

 

 mixed eval(string $code_str) // eval injection occurs when the attacker controls the string passed to eval()

 //ex2.php
 <?php
 $var = "var";
 if (isset($_GET["arg"]))
 {
     // $arg is spliced verbatim into PHP source and executed
     $arg = $_GET["arg"];
     eval("\$var = $arg;");
     echo "\$var = ".$var;
 }
 ?>
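Here ?arg=phpinfo(); makes eval() execute `$var = phpinfo();`, and any other PHP statement works the same way. The following is an added example, not code from the original tutorial. The intent of ex2.php is to let the request supply a value for a variable; that needs no code evaluation at all, so the rewrite validates the value against an allow-list of variable names and types and assigns it directly. The variable names and types in ALLOWED_VARS are assumptions for the demo.

```php
<?php
// Added example; not part of the original ex2.php. Same intent (let the request
// supply a value for a variable) without passing request data to eval().
declare(strict_types=1);

// Variables the request may set, with the type each must have (assumed for the demo).
const ALLOWED_VARS = ['page' => 'int', 'sort' => 'string'];

/**
 * Validates one name=value assignment from the query string and returns
 * [name, typed value]. Throws on anything outside the allow-list; never
 * evaluates code, so "phpinfo();" is just an invalid integer.
 */
function safe_assign(string $name, string $raw): array
{
    if (!array_key_exists($name, ALLOWED_VARS)) {
        throw new InvalidArgumentException("unknown variable: $name");
    }
    switch (ALLOWED_VARS[$name]) {
        case 'int':
            // FILTER_VALIDATE_INT rejects "phpinfo();", "1;phpinfo()", "0x10", " 7", ...
            $value = filter_var($raw, FILTER_VALIDATE_INT);
            if ($value === false) {
                throw new InvalidArgumentException("$name must be an integer");
            }
            return [$name, $value];
        case 'string':
            // Allow-list the character set; do not try to block-list PHP syntax.
            if (!preg_match('/\A[a-z_]{1,32}\z/', $raw)) {
                throw new InvalidArgumentException("$name has invalid characters");
            }
            return [$name, $raw];
    }
    throw new LogicException('unreachable: unknown type in ALLOWED_VARS');
}

// Demo driver with constructed inputs, including the payload that compromises
// the original ex2.php (?arg=phpinfo();) and a quote-breaking variant.
$cases = [
    ['page', '3'],
    ['page', 'phpinfo();'],
    ['sort', 'name'],
    ['sort', '"; system("id"); //'],
    ['var',  '1'],
];
foreach ($cases as [$name, $raw]) {
    try {
        [$n, $v] = safe_assign($name, $raw);
        $$n = $v;      // dynamic assignment, but only of a vetted name and typed value
        printf("%s = %s\n", $n, var_export($v, true));
    } catch (InvalidArgumentException $e) {
        printf("rejected: %s\n", $e->getMessage());
    }
}
```

Requires PHP 7.1 or later for the short list destructuring. disable_functions in php.ini cannot turn eval() off (it is a language construct, not a function), so the only reliable defence is to keep request data out of it.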

 

source:php.cn