PHP Web site Common Security vulnerabilities and defense methods

Source: Internet
Author: User
Tags execution file upload session id sql variables sql injection version variable

At present, based on PHP web site development has become the mainstream of the current site development, the author focuses on the PHP site from the attack and security aspects of the inquiry, aimed at reducing the vulnerability of the site, I hope to help you!

A common PHP Web site security vulnerabilities

For PHP vulnerabilities, there are currently five common vulnerabilities. They are session file vulnerabilities, SQL injection vulnerabilities, script command execution vulnerabilities, global variable vulnerabilities, and file vulnerabilities. Here is a brief introduction to these vulnerabilities.

1. session File Vulnerability

The session attack is one of the most commonly used attack methods by hackers. When a user visits a Web site, in order to exempt customers from each person to a page to lose their account and password, PHP set up a session and cookies used to facilitate the user's use and visit.

2. SQL Injection Vulnerability

In the development of the website, the programmer because of the lack of comprehensive judgment of the user's data or poor filtering causes the server to execute some malicious information, such as user information inquiries. The hacker can obtain the corresponding information according to the result returned by the malicious program. This is the SQL injection hole in the monthly stomach.

3. Script execution vulnerability

A common reason for script execution vulnerabilities is that the URL parameters that the programmer submits to the user during the development of the Web site are less likely to be caused by user-submitted URLs that may contain malicious code that can cause Cross-site scripting attacks. Script execution vulnerabilities often exist in previous PHP sites, but as the PHP version is upgraded, these problems have been reduced or non-existent.

4. Global variable Vulnerability

PHP variables in the use of the time is not like other development languages need to be stated in advance, PHP variables can be directly used without declaration, the system automatically created when used, and do not need to describe the variable type, the system will automatically determine the variable type according to the context environment. This approach can greatly reduce the programmer's programming error probability, it is very convenient to use.

5. File Vulnerabilities

File vulnerabilities are usually due to the lack of adequate filtering of the external data provided by web developers in the design of the Web site, causing the hacker to exploit the vulnerabilities to execute the corresponding commands on the Web process. If you include such a piece of code in lsm.php: include ($b. " /aaa.php ".), this for hackers, you can use variable $b to achieve remote attacks, can be the hacker's own code, used to achieve attacks on the site. You can submit a.php include=http://lz7.0.0 to the server. 1/b.php, and then execute the b.php instructions.

Second, PHP common loopholes in the prevention measures

1, for the session to prevent the vulnerability

From the previous analysis, you can know that the session attack is the most common conversation hijacking, that is, hackers through a variety of attacks to obtain the user's sessions ID, and then use the identity of the attack users to log on to the corresponding web site. To this end, there are several ways to guard against: one is to replace the session ID periodically, the replacement session ID can be implemented with PHP function; the second is to change the session name, usually the default name of the session is PHPSESSID, This variable is usually stored in a cookie, if changed its name, you can block the hacker part of the attack, the third is the transparent session ID closed processing, the so-called transparency is also refers to the HTTP request does not use cookies to develop session ID, The Sessioin ID is passed with a link. Turning off the transparent session ID can be done by manipulating the php.ini file, and four by passing the hidden parameters through the URL, which ensures that even if the hacker gets the session data, the associated parameter is hidden because it It is also difficult to get the session ID variable value.

2. Prevention of SQL Injection Vulnerability

Hackers do a lot of SQL injection, but also flexible, but the common denominator of SQL injection is the use of input filtering vulnerabilities. Therefore, to fundamentally prevent SQL injection, the fundamental solution is to strengthen the filtering of request commands, especially query request commands. Specifically, include the following: first, the filter statements are parameterized processing, that is, through parameterized statements to implement user information input rather than directly embed user input into the statement. Second, in the development of the site as much as possible use of interpretative procedures, hackers often through this means to carry out illegal orders; third, in the development of the Web site to avoid bugs when possible, or hackers may use this information to attack the site; just by defending SQL injection is not enough, It is also common to use professional vulnerability scanning tools to scan your site for vulnerabilities.

3, the script execution vulnerability prevention

There are many ways for hackers to exploit scripts to execute vulnerabilities, and they are flexible, so it is necessary to use a combination of various methods to prevent hackers from attacking script execution vulnerabilities effectively. The methods commonly used here are as follows four kinds. The first is to set the path of the executable file in advance. It can be realized by Safe_moade_exec_dir, and the other is to deal with the command parameter, which is usually realized by Escapeshellarg function, and the third is to replace the external command with the function library with the system; Four is in the operation time to be possible to reduce the use of external commands.

4, the global Variable Vulnerability prevention

For PHP global variable Vulnerability problem, the previous version of PHP has such a problem, but with the PHP version upgrade to 5.5 after the php.ini can be implemented by the settings, set Ruquest_order for GPC. Additionally, in the php.ini configuration file, you can set a Boolean value of Magic_quotes_runtime to alphanumeric backslashes in the overflow character of the externally-inductive data. To make sure that the Web site program is running in any setting state of the server. You can use the Get_magic_quotes_runtime detection settings at the beginning of the program to determine whether you want to manually process it, or turn it off with Set_magic_quotes_runtime (0) when you start (or do not need to escape automatically).

5, the File vulnerability prevention

For PHP file leakage can be set up and configured to the server to achieve the purpose of prevention. Here the specific operation is as follows: First, the PHP code in the error prompted to shut down, so as to avoid hackers through the error prompted to obtain database information and Web file physical path; the second is to Open_basedir set, that is, the directory outside the operation of the file to prohibit processing; this can be used for local files Process files to protect, to prevent them from being attacked, here also pay attention to guard against the session file and upload file attacks; The third is to set the Safe-made to open the state, which will be executed to standardize the command, by prohibiting file upload, can effectively improve the safety factor of PHP Web site.

"Responsible Editor: Wangxueyan TEL: (010) 68476606"


Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.