PHP program common vulnerability attack

xiaoxiao2021-03-05  21

[Global Variables] Variables in PHP do not require prior notes, they will automatically create during the first use, and their types do not need to be specified, they will automatically determine according to the context environment. From a programmer's perspective, this is undoubtedly an extremely convenient processing method. Obviously, this is also a very useful feature of rapid development of languages. Once a variable is created, you can use anywhere in the program. The result of this feature is that the programmer rarely initializes the variable. After all, when they created the first time, they are empty. Obviously, the main function of PHP-based applications is generally accepted by users (mainly form variables, upload files, and cookie, then process the input data, and then return the results to the client browser. In order to enable the PHP code to access the user's input as easy, PHP is actually handled by these input data as global variables. For example:

is clear, this will display a text Box and submit button. When the user clicks on the commit button, "Test.php" handles the user's input, when "Test.php" is running, "$ Hello" will contain the data entered in the text box. From here we should see that an attacker can create any global variables in accordance with their own will. If the attacker is not called "Test.php" through the form input, it is created, "$ setup" directly in the browser address bar. Hello = Hi & set ... $ Hello "is created," $ setup " It is also created. Translator Note: These two methods are also what we usually say "Post" and "get" methods. The following user authentication code exposes security issues caused by PHP global variables: The above code first checks if the user's password is "hello", if matching Setting "$ auth" to "1", that is, by authentication. If "$ Suth" is "1", some important information will be displayed. The surface looks correct, and we have a considerable number of people like this. Due, this code made a mistake, it assumes that "$ auth" is empty when there is no set value, but does not think that the attacker can create any global variables and assign the value, by "http: // server / Test.php?auth=1 "Therefore, in order to improve the security of the PHP program, we cannot believe any variables that are not clearly defined. If there are many variables in the program, this is a very difficult task. A commonly used The protection method is to check the variables in the array http_get [] or post_vars [], depending on our submissions (GET or POST). When PHP is configured to open the "TRACK_VARS" option (this is default), the user is submitted Variables can be obtained in the overall variables and arches mentioned above. However, it is worth explanating that PHP has four different array variables to process users' input.

HTTP_GET_VARS array is used to process variables submitted by the GET method, and the http_post_vars array is used to process variables submitted by the POST mode, and the http_cookie_vars array is used to process variables submitted as a cookie header, and for http_post_files arrays (the new PHP is only available), it is completely An alternative way for users to submit variables. A user's request can easily put the variables in these four arrays, so a secure PHP program should check these four arrays. [Remote File] PHP is a language with rich feature, providing a large number of functions that make the programmer to implement a feature. But from the perspective of security, the more functions, the harder it is, the harder, the remote file is a good example of this problem: / N ");?> The above script tries to open the file" $ filename ", if you fail, you will display the error message. Very obvious, if we If you can specify "$ filename", you can use this script to browse any files in the system. However, this script still has a less obvious feature, that is, it can read files from any other web or FTP site. Actually Most file processing functions for PHP are transparent to the processing of remote files. For example, if "$ filename" is "http: //target/scripts/..

转载请注明原文地址:https://www.9cbs.com/read-36064.html

New Post(0)