Discussion: Analysis and Prevention of Web Upload Vulnerabilities and Their Principles

Source: Internet
Author: User
This article provides a detailed analysis of web file upload vulnerabilities, their principles, and prevention methods. Further material on website uploads, including some common upload examples, can be found in the forum. On the Internet, we often hear that some website has an upload vulnerability, or that some open-source project has one. Ever since dynamic programs started to appear on the Internet, upload vulnerabilities have haunted all kinds of systems like ghosts. Why do upload vulnerabilities appear so frequently? Moreover, some systems have been patched repeatedly and still have not been fixed successfully! In fact, the main problem lies in how uploading itself works. Let's first look at the upload process.
Website upload process analysis
The code is as follows:
<?php
// Dump the upload array PHP builds for the current request.
header("Content-type: text/html; charset=utf-8");
if ($_FILES)
{
    echo '<pre>';
    var_dump($_FILES);
    echo '</pre>';
}
?>


The above is a simple test example. Let's take a look.

Let's analyze:
name: the name of the file selected for upload.
type: the file type. Where does this type come from? This is very important. Many people assume it is generated automatically by the server, and that assumption is understandable: PHP wraps upload handling, and its built-in library seems trustworthy. However, whatever format of file you choose, a type value is present. From this we infer that the value may also come from user input. Let's take a look at our type.

The type value also comes from user input.
size: the size of the uploaded file as calculated by the program. It is computed automatically, so this one is easy to understand.

What is the point of all this?
A friend may ask what this analysis of the upload fields has to do with vulnerabilities in development. Think about it: as mentioned above, the name attribute (the file name) and the type attribute (the file type) are what we usually rely on when we accept an upload and process it at the backend. As a developer, when you use these two variables you must keep applying the principle that "all input is harmful". Treat them exactly like any other GET and POST variables: check and filter every input variable.
We often build a feature that requires user uploads to be in a certain format and then saves the file in that format. There is much more that could be analyzed here; today we only outline it. Next, we look at three common types of upload vulnerabilities.
1. The user-supplied file name is used to generate the file, and special characters are not strictly filtered, resulting in a file generation vulnerability.
2. When the file is moved into its directory, the file name passed by the user is concatenated into the path, producing a wrong directory.
3. The type is trusted even though it is user input, and the file is saved under the user's file name.
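
The following handler is an added example, not code from the original article, showing one way to avoid all three problems: it ignores the client-supplied name and type, detects the type from the file content, and generates the stored file name on the server. The form field `file`, the directory `/var/www/uploads`, the size limit and the image-only allow list are assumptions, and the fileinfo extension must be enabled.

```php
<?php
// Added example, not the article's code. Field "file", UPLOAD_DIR and the allow list are hypothetical.
const UPLOAD_DIR = '/var/www/uploads';   // assumed: outside the web root, script execution disabled
const MAX_BYTES  = 2 * 1024 * 1024;
const ALLOWED    = ['image/jpeg' => 'jpg', 'image/png' => 'png', 'image/gif' => 'gif'];

function store_upload(array $f): string
{
    // Reject multi-file arrays, upload errors, and temp paths PHP did not create for this request.
    if (!isset($f['error'], $f['tmp_name']) || is_array($f['error'])
        || $f['error'] !== UPLOAD_ERR_OK || !is_uploaded_file($f['tmp_name'])) {
        throw new RuntimeException('upload failed');
    }
    // Measure the file on disk and enforce our own limit.
    $size = filesize($f['tmp_name']);
    if ($size === false || $size === 0 || $size > MAX_BYTES) {
        throw new RuntimeException('bad size');
    }
    // Problem 3: the type is derived from the content, never from $f['type'].
    $mime = (new finfo(FILEINFO_MIME_TYPE))->file($f['tmp_name']);
    $ext  = is_string($mime) ? (ALLOWED[$mime] ?? null) : null;
    if ($ext === null) {
        throw new RuntimeException('type not allowed');
    }
    // Problems 1 and 2: the stored name is random and the extension is ours,
    // so no user-controlled character ever reaches the path.
    $name = bin2hex(random_bytes(16)) . '.' . $ext;
    if (!move_uploaded_file($f['tmp_name'], UPLOAD_DIR . '/' . $name)) {
        throw new RuntimeException('could not store file');
    }
    return $name;
}

if (isset($_FILES['file'])) {
    try {
        $stored = store_upload($_FILES['file']);
        // The original name is used only as display text and is escaped on output.
        $label = htmlspecialchars(basename((string) $_FILES['file']['name']), ENT_QUOTES, 'UTF-8');
        echo "Stored {$label} as {$stored}";
    } catch (RuntimeException $e) {
        http_response_code(400);
        echo 'Upload rejected: ' . htmlspecialchars($e->getMessage(), ENT_QUOTES, 'UTF-8');
    }
}
```

Content sniffing only narrows what is accepted; keeping the upload directory non-executable is what stops a stored file from being run as a script.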
