A bit analysis of PHP global variable Vulnerability

if (Isset ($_request[' GLOBALS ')) OR isset ($_files[' GLOBALS '])) { Exit (' Request tainting attempted. '); } Copy Code Register_globals is a control option in PHP that can be set to off or on, default to OFF, to decide whether to register the egpcs (environment,get,post,cookie,server) variable as a global variable. If Register_globals is turned on, the client-submitted data contains the Globals variable name, overwriting the $globals variable on the server. So this code, is to judge, if the submitted data has globals variable name, it terminates the program. The resulting security issue becomes an "automatic global variable Vulnerability" in PHP, so make sure to turn off the register_globals option. and use $_get, $_post, $_cookie rather than $_request. discuz! Forum Bypass global Variable Defense vulnerability Because the default value of Request_order is GP in the settings of php5.3.x version php.ini, it causes discuz! Global variable defenses can be bypassed in 6.x/7.x. In the include/global.func.php: function Daddslashes ($string, $force = 0) { !defined (' MAGIC_QUOTES_GPC ') && define (' MAGIC_QUOTES_GPC ', GET_MAGIC_QUOTES_GPC ()); if (! MAGIC_QUOTES_GPC | | $force) { if (Is_array ($string)) { foreach ($string as $key = = $val) { $string [$key] = Daddslashes ($val, $force); } } else { $string = Addslashes ($string); } } return $string; } Copy Code In include/common.inc.php: foreach (Array (' _cookie ', ' _post ', ' _get ') as $_request) { foreach ($$_request as $_key = $_value) { $_key{0}! = ' _ ' && $$_key = daddslashes ($_value); } } Copy Code The above code can be bypassed at Register_globals=on by committing the globals variable. The precautionary approach provided in discuz!: if (Isset ($_request[' GLOBALS ')) OR isset ($_files[' GLOBALS '])) { Exit (' Request tainting attempted. '); } Copy Code The value of the $_request Super global variable is affected by the Request_order in PHP.ini, in the latest php5.3, the Request_order default is GP, which is the default configuration $_request contains only $_get and $_post and not $_ Cookies. Use cookies to submit globals variables. Workaround: Change the php.ini settings in PHP 5.3.x and set the Request_order to GPC. About the global variables in PHP vulnerability and temporary solution, this is introduced, I hope to help you.

