phpinfo()
Function Description: Outputs PHP environment information, including loaded modules and web environment details.
Hazard Rating: Medium
passthru()
Function Description: Allows an external program to be executed and echoes its output, similar to exec().
Hazard Rating: High
exec()
Function Description: Allows an external program (such as a UNIX shell or CMD command) to be executed.
Hazard Rating: High
system()
Function Description: Allows an external program to be executed and echoes its output, similar to passthru().
Hazard Rating: High
chroot()
Function Description: Changes the working root directory of the current PHP process. It works only if the system supports PHP in CLI mode, and the function is not available on Windows systems.
Hazard Rating: High
scandir()
Function Description: Lists the files and directories in the specified path.
Hazard Rating: Medium
chgrp()
Function Description: Changes the user group to which a file or directory belongs.
Hazard Rating: High
chown()
Function Description: Changes the owner of a file or directory.
Hazard Rating: High
shell_exec()
Function Description: Executes a command through the shell and returns the execution result as a string.
Hazard Rating: High
proc_open()
Function Description: Executes a command and opens file pointers for reading and writing.
Hazard Rating: High
proc_get_status()
Function Description: Gets information about a process opened with proc_open().
Hazard Rating: High
error_log()
Function Description: Sends an error message to the specified location (file).
Security Note: In some versions of PHP, error_log() can be used to bypass PHP safe mode and execute arbitrary commands.
Hazard Rating: Low
ini_alter()
Function Description: An alias of ini_set() with identical behavior. See ini_set() for details.
Hazard Rating: High
ini_set()
Function Description: Can be used to modify and set PHP environment configuration parameters.
Hazard Rating: High
ini_restore()
Function Description: Can be used to restore PHP environment configuration parameters to their initial values.
Hazard Rating: High
dl()
Function Description: Loads a PHP external module while PHP is running (not at startup).
Hazard Rating: High
pfsockopen()
Function Description: Establishes a persistent socket connection to an Internet or UNIX domain.
Hazard Rating: High
syslog()
Function Description: Can invoke the UNIX system-level syslog() function.
Hazard Rating: Medium
readlink()
Function Description: Returns the target that a symbolic link points to.
Hazard Rating: Medium
symlink()
Function Description: Creates a symbolic link on UNIX systems.
Hazard Rating: High
popen()
Function Description: Runs the command passed in the parameters of popen() and opens a file pointer to the resulting process.
Hazard Rating: High
stream_socket_server()
Function Description: Establishes an Internet or UNIX server connection.
Hazard Rating: Medium
putenv()
Function Description: Used to change the system character set environment while PHP is running. In PHP versions below 5.2.6, after this function has modified the system character set environment, the sendmail directive can be used to pass special parameters that execute system shell commands.
Hazard Rating: High
To disable these functions:
Open the /etc/php.ini file.
Find disable_functions and add the names of the functions that you want to disable, as follows:
phpinfo,eval,passthru,exec,system,chroot,scandir,chgrp,chown,shell_exec,proc_open,proc_get_status,ini_alter,ini_restore,dl,pfsockopen,openlog,syslog,readlink,symlink,popen,stream_socket_server,fsocket,fsockopen
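A check for the disable_functions setting described above, as an added example that is not part of the original page: it parses php.ini text and compares the configured entries with the functions rated on this page. The sample configuration is constructed and the report category names are this example's own. eval is flagged because it is a language construct, which disable_functions does not affect.

```python
import re

# Functions this page rates, lowercased (taken from the list above).
PAGE_FUNCTIONS = {
    "phpinfo", "passthru", "exec", "system", "chroot", "scandir", "chgrp",
    "chown", "shell_exec", "proc_open", "proc_get_status", "error_log",
    "ini_alter", "ini_set", "ini_restore", "dl", "pfsockopen", "syslog",
    "readlink", "symlink", "popen", "stream_socket_server", "putenv",
}
# Language constructs are not functions, so disable_functions cannot block them.
LANGUAGE_CONSTRUCTS = {"eval", "include", "include_once", "require",
                       "require_once", "echo", "print"}

def parse_disable_functions(ini_text):
    """Return the entries of the last uncommented disable_functions line.

    Assumption of this example: when the directive appears more than once,
    the last assignment is the one that counts.
    """
    entries = []
    for line in ini_text.splitlines():
        # re.match anchors at line start, so ';'-commented lines never match.
        m = re.match(r"\s*disable_functions\s*=\s*(.*)$", line)
        if m:
            value = m.group(1).split(";", 1)[0].strip().strip('"')
            entries = [e for e in re.split(r"[,\s]+", value) if e]
    return entries

def audit(ini_text):
    entries = parse_disable_functions(ini_text)
    lowered = [e.lower() for e in entries]
    return {
        "rated_but_not_disabled": sorted(PAGE_FUNCTIONS - set(lowered)),
        "language_constructs": sorted(set(lowered) & LANGUAGE_CONSTRUCTS),
        # PHP stores function names lowercased; flag other spellings for review.
        "not_lowercase": sorted(e for e in entries if e != e.lower()),
        "duplicates": sorted({e for e in lowered if lowered.count(e) > 1}),
        # Not rated above: may be a valid extra entry or a misspelt name.
        "not_on_page": sorted(set(lowered) - PAGE_FUNCTIONS - LANGUAGE_CONSTRUCTS),
    }

SAMPLE_INI = """\
; constructed sample, not a real server's configuration
;disable_functions = exec
disable_functions = phpinfo,eval,passthru,exec,system,Shell_exec,proc_open,popn,dl,dl
"""

if __name__ == "__main__":
    for finding, names in audit(SAMPLE_INI).items():
        print(f"{finding}: {', '.join(names) or '-'}")
```
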