[Turn] advanced PHP application vulnerability audit technology original address: http://code.google.com/p/pasc2at/wiki/SimplifiedChinese? Advanced PHP application vulnerability audit technology advanced PHP application vulnerability audit technology preface traditional code audit technology PHP version and application code audit other [go] advanced PHP application vulnerability audit technology
Address: http://code.google.com/p/pasc2at/wiki/SimplifiedChinese
?
Advanced PHP application vulnerability review technology
- Advanced PHP application vulnerability review technology
- Preface
- Traditional code auditing technology
- PHP version and application code audit
- Other factors and application code auditing
- Extend our dictionary
- Key of the variable itself
- Variable overwrite
- Traverse initialization variables
- Parse_str () variable overwrite vulnerability
- Import_request_variables () variable overwrite vulnerability
- PHP5 Globals
- Magic_quotes_gpc and code security
- What is magic_quotes_gpc?
- Which of the following are not protected by magic quotes?
- Variable encoding and decoding
- Secondary attack
- New security problems caused by Magic Quotes
- Variable key and magic quotes
- Code injection
- Functions that may cause code injection in PHP
- Variable functions and double quotation marks
- PHP function vulnerabilities and defects
- PHP function overflow vulnerability
- Other vulnerabilities in PHP functions
- Session_destroy () file deletion vulnerability
- Random functions
- Special characters
- Truncation
- Include truncation
- Data truncation
- Special characters in file operations
- How to further find new dictionaries
- DEMO
- Remarks
- Appendix
