This article provides a detailed analysis of the Null character in php Security. For more information, see the C-language-based function for PHP file system operations, therefore, it may handle Null characters in unexpected ways. The Null character is used in the C language to mark the end of a string. a complete string starts with it and ends with a Null character. The following code demonstrates a similar attack:
Example #1 code that will be attacked by Null characters The code is as follows:
$ File = $ _ GET ['file']; // "../etc/passwd \ 0"
If (file_exists ('/home/wwwrun/'. $ file. '. php ')){
// File_exists will return true as the file/home/wwwrun/.../../etc/passwd exists
Include '/home/wwwrun/'. $ file. '. php ';
// The file/etc/passwd will be encoded ded
}
?>
Therefore, any character string used for operating the file system (in particular, the string entered outside the program) must be properly checked. The following is an improved version of the preceding example:
Example #2 verify the correct input practices The code is as follows:
$ File = $ _ GET ['file'];
// Check the white list of strings
Switch ($ file ){
Case 'main ':
Case 'foo ':
Case 'bar ':
Include '/home/wwwrun/include/'. $ file. '. php ';
Break;
Default:
Include '/home/wwwrun/include/main. php ';
}
?>
A function error may expose the database being used by the system, or provide attackers with useful information about webpages, programs, or designs. Attackers often find open database ports and some bugs or vulnerabilities on the pages. For example, attackers can make program errors with some abnormal data to detect the authentication sequence in the script (the row number indicated by the error message) and other information that may be leaked in the script.
A file system or PHP error exposes the permissions of the web server and the organizational structure of the file on the server. The error code written by the developer will aggravate this problem and cause the original hidden information to be leaked.
There are three common solutions to these problems. The first is to thoroughly check all functions and try to make up for most errors. The second is to completely disable error reports for online systems. The third is to use the PHP custom error handling function to create its own error handling mechanism. Based on different security policies, all three methods may apply.
The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion;
products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the
content of the page makes you feel confusing, please write us an email, we will handle the problem
within 5 days after receiving your email.
If you find any instances of plagiarism from the community, please send an email to:
info-contact@alibabacloud.com
and provide relevant evidence. A staff member will contact you within 5 working days.
