Code audit: interfaces and input/output points where vulnerabilities commonly appear
1.1 // globals variables // key variables
    $GLOBALS $_SERVER $_GET $_POST $_FILES $_COOKIE $_SESSION $_REQUEST $_ENV
    register_globals=off
    gpc [$_GET, $_POST, $_COOKIE]

1.2 // vulnerability-prone functions and settings
    extract() EXTR_OVERWRITE
    parse_str()
    import_request_variables()
    HTTP_RAW_POST_DATA
    in() / limit() / order by / group by
    stripslashes()
    iconv() / mb_convert_encoding()
    magic_quotes_gpc=on
    eval()
    preg_replace()
    assert()
    call_user_func()
    call_user_func_array()
    create_function()
    session_destroy()
    rand() vs mt_rand()
    unset()
    . /

1.3 // check input data from the user
    command parameters
    config file data
    index
    environment variables
    network services
    registry key values
    temp files
    // tools
    xssdetect
    ratproxy
    http proxy 127.0.0.1:8080
    codesonar
    yasca
    rips
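As an added illustration (not part of the original notes) of the extract() EXTR_OVERWRITE item in 1.2: the first function lets a request key overwrite a variable the application itself set, the second reads only an allowlist of expected keys so request data can never name a variable. The $_GET contents are constructed for the example.

```php
<?php
// Constructed request for the example: a legitimate 'page' parameter plus an
// extra key whose name collides with an internal variable.
$_GET = ['page' => 'home', 'is_admin' => '1'];

// Audit finding: extract() with EXTR_OVERWRITE turns every request key into a
// local variable and overwrites any variable of the same name. The same
// pattern applies to parse_str() called without its second argument.
function vulnerableRender(array $request): string
{
    $is_admin = false;                  // decided by the application
    extract($request, EXTR_OVERWRITE);  // $is_admin is now '1' from the query
    return $is_admin ? 'admin panel' : 'public page: ' . ($page ?? 'home');
}

// Hardened form: take only the keys the handler expects, keep them in an
// array, and never let input choose variable names. $is_admin stays under
// application control.
function hardenedRender(array $request): string
{
    $is_admin = false;
    $allowed  = ['page'];
    $params   = array_intersect_key($request, array_flip($allowed));
    $page     = $params['page'] ?? 'home';
    return $is_admin ? 'admin panel' : 'public page: ' . $page;
}

echo vulnerableRender($_GET), PHP_EOL;
echo hardenedRender($_GET), PHP_EOL;
```

When auditing, grep for extract(, parse_str( and import_request_variables( and check whether the argument derives from $_GET, $_POST, $_COOKIE or $_REQUEST.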
That concludes these shared notes on PHP code vulnerability audit techniques, covering the areas above; I hope they are useful to readers interested in PHP tutorials.