
PHP language code vulnerability audit skills notes sharing

WBOY
Release: 2016-07-29 09:00:23

Code auditing focuses mainly on interfaces and on input and output locations, which are where vulnerabilities tend to occur.

1.1

//globals variable

//key variable

$GLOBALS

$_SERVER

$_GET

$_POST

$_FILES

$_COOKIE

$_SESSION

$_REQUEST

$_ENV

register_globals=off

gpc[$_GET,$_POST,$_COOKIE]

1.2

// vulnerability functions 

extract() EXTR_OVERWRITE

parse_str()

import_request_variables()

HTTP_RAW_POST_DATA

in()/limit()/order by/group by

stripslashes()

iconv()/mb_convert_encoding()

magic_quotes_gpc=on

eval()

preg_replace()

assert()

call_user_func()

call_user_func_array()

create_function()

session_destroy()

rand() vs mt_rand()
unset()
. /
1.3

// check input data from user 

command parameter

config file

data index

environment variable

network service

regedit key value

temp file


//tools  

xssdetect 

ratproxy http proxy 127.0.0.1:8080

codesonar

yasca

rips
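
A first-pass scanner built from the two lists above, as an added example (not part of the original notes, and not how RIPS or the other listed tools work): it flags calls to the functions in 1.2 and records which 1.1 input variables appear on the same line, so those hits can be reviewed first. The sample PHP is constructed, and line-by-line regex matching is a simplifying assumption.

```python
import re

# Section 1.1 of the notes: request-controlled inputs (plus HTTP_RAW_POST_DATA).
SOURCES = ["$_GET", "$_POST", "$_COOKIE", "$_REQUEST", "$_FILES", "$_SERVER",
           "$_ENV", "$_SESSION", "$GLOBALS", "HTTP_RAW_POST_DATA"]
# Section 1.2 of the notes: functions whose call sites deserve a manual look.
SINKS = ["extract", "parse_str", "import_request_variables", "stripslashes",
         "iconv", "mb_convert_encoding", "eval", "preg_replace", "assert",
         "call_user_func", "call_user_func_array", "create_function",
         "session_destroy", "rand", "unset"]

# A sink only counts as a call: the name followed by "(" and not preceded by
# an identifier character, "$", "->" or "::". This keeps mt_rand(), $eval
# and $obj->assert() out of the results.
SINK_RE = re.compile(r"(?<![\w$>:])(" + "|".join(map(re.escape, SINKS)) + r")\s*\(", re.I)
SOURCE_RE = re.compile("|".join(re.escape(s) + r"\b" for s in SOURCES))

def audit(php_source):
    """Return (line_no, sink, sources_on_line, code) for every listed call."""
    findings = []
    for no, line in enumerate(php_source.splitlines(), 1):
        code = line.strip()
        # Heuristic: skip lines that are entirely a comment.
        if code.startswith(("//", "#", "/*", "*")):
            continue
        sources = sorted(set(SOURCE_RE.findall(code)))
        for m in SINK_RE.finditer(code):
            findings.append((no, m.group(1).lower(), sources, code))
    return findings

# Constructed sample input, not taken from any real project.
SAMPLE = r'''<?php
// eval() is mentioned here only in a comment
extract($_POST);
$token = mt_rand();
$id = rand(1, 9);
parse_str($_SERVER['QUERY_STRING'], $q);
echo preg_replace($pattern, $_GET['r'], $subject);
$obj->assert($x);
call_user_func_array($cb, $args);
'''

if __name__ == "__main__":
    for no, sink, sources, code in audit(SAMPLE):
        flag = "REVIEW FIRST" if sources else "review"
        print(f"{no:>3} {flag:<12} {sink:<22} {','.join(sources) or '-':<10} {code}")
```

A hit without an input variable on the same line is not cleared: the value may have been assigned from a request variable earlier, so each flagged call still needs to be traced back by hand or with a data-flow tool.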
