There are only a few types of vulnerabilities: XSS, SQL injection, command execution, upload vulnerabilities, local file inclusion, remote file inclusion, permission bypass, information disclosure, cookie forgery, CSRF (cross-site request forgery), and so on. These vulnerabilities are not specific to PHP; this article simply describes how to prevent them effectively in PHP.
1. XSS + SQL Injection
XSS and SQL injection make up the bulk of these vulnerabilities. For framework-style code, or code that shares common include files, it is recommended to apply uniform XSS and SQL injection filtering in the common file. Write the filter functions in PHP and apply them as follows:
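// filter_xss() and filter_sql() are the application's own filter functions,
// applied once to every superglobal in the common include file.
$_REQUEST = filter_xss($_REQUEST);
$_GET = filter_xss($_GET);
$_POST = filter_xss($_POST);
$_COOKIE = filter_xss($_COOKIE);
$_POST = filter_sql($_POST);
$_GET = filter_sql($_GET);
$_COOKIE = filter_sql($_COOKIE);
$_REQUEST = filter_sql($_REQUEST);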
The simplest filter_xss function is htmlspecialchars().
The simplest filter_sql function is mysql_real_escape_string().
Of course, as everyone knows, this filter_sql can only stop character-type and search-type injection; it does nothing against numeric-type injection. Still, with this layer of filtering in place, you only need to pay attention to the numeric values in the SQL statements that follow and apply intval() wherever you encounter one, which makes things much easier.
2. Command execution
For command execution, you can start from the keywords, which fall into 3 categories.
(1) PHP code execution: eval, etc.
(2) Shell command execution: exec, passthru, system, shell_exec, etc.
(3) File processing: fwrite, fopen, mkdir, etc.
For each of these categories, the important thing to check is whether the parameters are user-controllable.
3. Upload Vulnerability
Upload vulnerabilities are also a key area: analyze the processing flow carefully. There are many ways to handle uploads; the safest is to save the file under a random name and check the suffix against a whitelist. The second thing to note is that there may be more than one place that uploads files, so do not miss any. You may, for example, suddenly find a third-party editor included in some directory.
The functions involved in file inclusion vulnerabilities include include(), include_once(), require(), require_once(), file_get_contents(), etc.
The most common case is a file download function, with requests of the form download.php?file=../../../etc/passwd.
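A check for the download.php?file= case described above, as an added example that is not part of the original article. The function name resolve_download, the directory layout and the sample requests are assumptions constructed for illustration.

```php
<?php
/**
 * Hypothetical helper: return the absolute path of $requested inside
 * $baseDir, or null if the request is not a plain string or resolves
 * to anything outside $baseDir.
 */
function resolve_download(string $baseDir, $requested): ?string
{
    // Reject array parameters (file[]=x), empty values and NUL bytes up front.
    if (!is_string($requested) || $requested === '' || strpos($requested, "\0") !== false) {
        return null;
    }
    $base = realpath($baseDir);
    if ($base === false) {
        return null;
    }
    // realpath() collapses "../" and symlinks; it returns false if nothing exists there.
    $target = realpath($base . DIRECTORY_SEPARATOR . $requested);
    if ($target === false || !is_file($target)) {
        return null;
    }
    // The resolved path must still begin with the base directory plus a separator.
    $prefix = $base . DIRECTORY_SEPARATOR;
    if (strncmp($target, $prefix, strlen($prefix)) !== 0) {
        return null;
    }
    return $target;
}

// Constructed sample data: a download directory holding one file, and a
// second file that sits outside that directory.
$root = sys_get_temp_dir() . DIRECTORY_SEPARATOR . 'dl_demo_' . bin2hex(random_bytes(4));
mkdir($root . '/files', 0700, true);
file_put_contents($root . '/files/report.txt', 'public report');
file_put_contents($root . '/secret.txt', 'not for download');

// Constructed requests: one legitimate name, two traversal attempts, an array, an empty value.
$requests = ['report.txt', '../secret.txt', '../../../etc/passwd', ['x'], ''];
foreach ($requests as $req) {
    $path = resolve_download($root . '/files', $req);
    $label = json_encode($req, JSON_UNESCAPED_SLASHES);
    printf("%-24s => %s\n", $label, $path === null ? 'rejected' : 'served: ' . basename($path));
}

// Remove the constructed files again.
unlink($root . '/files/report.txt');
unlink($root . '/secret.txt');
rmdir($root . '/files');
rmdir($root);
```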
4. Permission Bypass
Permission bypass can be divided into two categories.
(1) Unauthorized access to back-end (admin) files. If back-end files do not include session validation, this problem arises easily.
(2) No user isolation. For example, mail.php?id=23 displays your letter; change the ID to mail.php?id=24 and you see someone else's letter. This is convenient to code: the letters live in one data table with uniformly numbered IDs, and the front end can fetch a letter by ID alone. But without user isolation and an ownership check, it easily leads to unauthorized access.
Such examples are very common, and are often found when assessing a bank.
5. Information disclosure
Information disclosure is a relatively low-risk class of vulnerability. Directory listing, for example, is a deployment problem unrelated to code audit, whereas path disclosure and source code disclosure are things to prevent. I once encountered code like this
It seems to have no problem, but when the request becomes xx.php?a[]=1, that is, when the parameter becomes an array, an error is raised and the path leaks; an isset check does not catch this. Of course, guarding against it case by case is too troublesome, so it is recommended to turn off error display in the configuration file, or add the following code to the common file to turn off the error display function:
PHP Point-to-point (phpddt.com) previously published an article on PHP vulnerability prevention policy, which introduced the dangers of register_globals and instructions for using magic quotes.