By John CoggeShall
08/28/2003
Welcome back to PHP Foundations. In my last article, I introduced you to the practice of practicing security in PHP, and continue to develop a series of articles in the development of good PHP programming habits.
This article will continue our discussion with more potential security vulnerabilities and instances that fix their tools and methods. Today I will start talking about a very serious potential security vulnerability in PHP development - a program that writes the underlying operating system call.
Execute system calls in PHP
There are many ways to perform system calls in PHP.
For example, System (), Exec (), PASSTHRU (), POPEN (), and back single quotes (`) operators allow you to perform system calls in our program. If these functions will be ä malicious users to open the door on your server. When visiting the file, in most cases, the Ann vulnerability occurs during system commands caused by unreliable external inputs.
An example of using system calls
Consider a program that handles HTTP files, it uses the Zip program to compress files and move it to the specified directory (default to / usr / local / archives /). code show as below:
PHP
$ zip = "/ usr / bin / zip";
$ store_path = "/ usr / local / archives /";
IF (isset ($ _ files [file ']) {
$ TMP_NAME = $ _files ['file'] ['TMP_NAME'];
$ CMP_NAME = DIRNAME ($ _ files ['file'] ['TMP_NAME']).
"/ $_files['file'][name']}.zip";
$ filename = basename ($ CMP_NAME);
IF (file_exists ($ tmp_name)) {
$ systemcall = "$ zip $ cmp_name $ tmp_name";
$ output = `$ systemcall`;
IF (file_exists ($ cmp_name)) {
$ SavePath = $ store_path. $ filename;
Rename ($ CMP_NAME, $ SavePath);
}
}
}
?>