Code audit mainly interfaces and input and output locations that are prone to vulnerabilities
1.1 //gloabals variable //key variable $GLOBALS $_SERVER $_GET $_POST $_FILES $_COOKIE $_SESSION $_REQUEST $_ENV regeister_globals=off gpc[$_GET,$_POST,$_COOKIE] 1.2 // vulnerability functions extract() EXTR_OVERWRITE parse_str() import_request_variables() HTTP_RAW_POST_DATA in()/limit()/order by/group by stripslashes() iconv()/mb_convert_encoding() magic_quotes_gpc=on eval() preg_replace() assert() call_user_func() call_user_func_array() create_function() session_destroy() rand() vs mt_rand() unset() . / 1.3 // check input data from user command parameter config file data index environment variable network service regedit key value temp file //tools xssdetect ratproxy http proxy 127.0.0.1:8080 codesonar yasca rips
The above has introduced the sharing of notes on PHP language code vulnerability auditing skills, including relevant content. I hope it will be helpful to friends who are interested in PHP tutorials.
![[Web front-end] Node.js quick start](https://img.php.cn/upload/course/000/000/067/662b5d34ba7c0227.png)
