A brief discussion on the security of PHP variable variables

怪我咯
Release: 2023-03-10 20:58:01
Original
1511 people have browsed it

Variable variables are a very convenient feature of PHP. As mentioned in the manual, Variable variables means that the variable name of a variable can be set dynamically!
So what security issues will arise if the variable name of the variable can be set dynamically? Let’s take a look:

<?php
$a = &#39;phpinfo&#39;;
$a();
?>
Copy after login

This code is easy to understand. The type of the variable is character phpinfo. () is added dynamically to the variable, so the variable becomes the phpinfo function and is executed dynamically!

According to the same principle, we cite the example of variable variables in the manual:

<?php
$a = &#39;phpinfo&#39;;
${$a()};
?>
Copy after login

This dynamic function puts dynamic variables into it. Of course, my statement is a bit unprofessional, or Variable variables, we will find that the phpinfo function is still executed!

If you have read the manual and the example I gave, you must feel that this is not magical at all. This is the grammatical feature of PHP, and then we will further evolve this thing into one line:

<?php
 
$a = "${${phpinfo()}}";
 
?>
Copy after login

This is two nested variable variables. We just fill in the contents of the variable variables ourselves according to the above example. In fact, we assign a certain function to a certain variable, so the phpinfo function is finally executed. , it turned into a prototype of various vulnerabilities and webshells!

Everyone should know after reading this, why the experts asked me to read PHP Manual, but does this article end here? We have missed a little bit, Daniel Having said that security is the foundation, we haven’t actually figured this out yet. Why are the variables in the previous example using single quotes, while the final example uses double quotes? If you have thought about this problem, I think you should do it. Security definitely has great potential, and it may become a big deal in the future!

The difference between single quotes and double quotes in PHP is still related to variables. Let’s take a look at the following example:

<?php
$a = &#39;phpinfo()&#39;;
echo $a; //输出phpinfo()字符串
echo &#39;$a&#39;; //输出$a字符串
echo "$a"; //输出phpinfo()字符串
?>
Copy after login

The content in double quotes will be parsed by PHP syntax variables, while single quotes The content inside is directly characterized as a string!

The above is the detailed content of A brief discussion on the security of PHP variable variables. For more information, please follow other related articles on the PHP Chinese website!

Related labels:
source:php.cn
Statement of this Website
The content of this article is voluntarily contributed by netizens, and the copyright belongs to the original author. This site does not assume corresponding legal responsibility. If you find any content suspected of plagiarism or infringement, please contact admin@php.cn
Popular Tutorials
More>
Latest Downloads
More>
Web Effects
Website Source Code
Website Materials
Front End Template
About us Disclaimer Sitemap
php.cn:Public welfare online PHP training,Help PHP learners grow quickly!