PHP program common vulnerability attack

Obviously, this will display a text box and submit button. When the user clicks on the commit button, "Test.php" handles the user's input, when "Test.php" is running, "$ Hello" will contain the data entered in the text box. From here we should see that an attacker can create any global variables in accordance with their own will. If the attacker is not called "Test.php" through the form input, but directly in the browser address bar, http: //server/test.php? Hello = Hi & set ...      恰? / A > $ hello "is created," $ setup "is also created.

Translator Note: These two methods are also what we usually say "POST" and "GET" methods. The following user authentication code exposes security issues caused by the global variable of PHP:

The above code first checks if the user's password is "Hello". If you match, set "$ auth" to "1", that is, by authentication. If "$ Suth" is "1", some important information will be displayed.

The surface looks correct, and we have a considerable number of people doing this, but this code has made a mistake, it assumes that "$ auth" is empty when there is no set value, but does not think of an attacker You can create any global variables and assign a value, by "http://server/test.php? Auth = 1" ... and 丫 丫   ? / A>

Therefore, in order to improve the security of the PHP program, we cannot believe any variables that are not clearly defined. This can be a very difficult task if there are many variables in the program.

A commonly used protection is to check the variables in the array http_get [] or post_vars [], depending on our submissions (GET or POST). When the PHP is configured to open the "TRACK_VARS" option (this is the default value), the variable submitted by the user can be obtained in the total variable and the array mentioned above.

However, it is worth explanating that PHP has four different array variables to process users' input. HTTP_GET_VARS array is used to process variables submitted by the GET method, and the http_post_vars array is used to process variables submitted by the POST mode, and the http_cookie_vars array is used to process variables submitted as a cookie header, and for http_post_files arrays (the new PHP is only available), it is completely An alternative way for users to submit variables. A user's request can easily put the variables in these four arrays, so a secure PHP program should check these four arrays. [Remote File] PHP is a language with rich feature, providing a large number of functions that make the programmer to implement a feature. But from a safe point of view, the more features, the harder it is, the harder it is, the remote file is a good example of this problem:

/ n");?>

The above script attempts to open the file "$ filename", if the failed is displayed, the error message is displayed. Obviously, if we can specify "$ filename", you can use this script to browse any files in the system. However, this script still has a less obvious feature, which is to read files from any other web or FTP site. In fact, most file processing functions of PHP are transparent to the processing of remote files.

For example: If the "$ filename" is "http: //target/scripts/..