PHP program loopholes explain

Several important php.ini options

Register Globals

php> = 4.2.0, the default value for php.ini's register_globals option is set to Off. When register_globals is set to On, the program can receive various environment variables from the server, including form submitted variables, and because PHP You do not have to initialize the value of the variable in advance, which leads to a great potential safety hazard.

example 1:

// check_admin () is used to check the current user permissions, if admin is set $ is_admin variable is true, and then determine whether this variable is true, and then perform some operations management

//ex1.php

if (check_admin ())

{

$ is_admin = true;

}

if ($ is_admin)

{

do_something ();

}

?>

This section of code does not initialize $ is_admin to Flase in advance. If register_globals is On, we can bypass check_admin () by submitting http://www.sectop.com/ex1.php?is_admin=true directly

Example 2:

//ex2.php

if (isset ($ _ SESSION ["username"]))

{

do_something ();

}

else

{

echo "You are not logged in!";

}

?>

//ex1.php

$ dir = $ _GET ["dir"];

if (isset ($ dir))

{

echo "

system ("ls -al". $ dir);

echo "

";

}

?>

mixed eval (string code_str) // eval injection generally occurs when the attacker can control the input string

//ex2.php

$ var = "var";

if (isset ($ _ GET ["arg"]))

{

$ arg = $ _GET ["arg"];

eval ("$ var = $ arg;");

echo "$ var =". $ var;

}

?>