PHP Vulnerability Full solution (a) the security of the PHP website

Source: Internet
Author: User
Tags php website sql injection attack

This article mainly describes the common attack methods for PHP websites, including common SQL injection, cross-site attack types. Several important parameter settings of PHP are also introduced. The following series of articles will stand in the attacker's perspective, revealing PHP security issues for you, while providing a corresponding solution.

The following are the main types of attacks for PHP websites:

1. Order Injection (Command injection)

2. Eval Injection (eval injection)

3. Client-side scripting Attack (script insertion)

4. Cross-site scripting attacks (Scripting, XSS)

5. SQL injection attack (SQL injection)

6. Cross-site request forgery attack (forgeries, CSRF)

7. Session hijacking (Sessions hijacking)

8, session fixed attack (session fixation)

9. HTTP response Split attack (HTTP Response splitting)

10 Files Upload Vulnerability (file Upload Attack)

11. Directory Traversal Vulnerability (directory traversal)

12. Remote file contains attack (inclusion)

13. Dynamic function Injection Attack (Variable Evaluation)

14. URL attack (URL attack)

15. Form submission Spoofing attack (spoofed form submissions)

16. HTTP request Spoofing Attack (spoofed HTTP requests)

Each subsequent installment will introduce the principles of these vulnerabilities and how to defend them.

A few important php.ini options:

Registerglobals

The default value of Php>=4.2.0,php.ini's register_globals option is preset to OFF when Register_globals

When set to ON, the program can receive various environment variables from the server, including the variables submitted by the form, and because PHP does not have to initialize the value of the variable beforehand, which leads to a large security risk.

Example 1:

Check_admin () is used to check the current user permissions, and if the admin setting is $is_admin the variable is true, then the following determines whether this variable is true and then performs some management operations.

    1. ex1.php

    2. if (Check_admin ())

    3. {

    4. $is _admin=true;

    5. }

    6. if ($is _admin)

    7. {

    8. Do_something ();

    9. }

    10. ?>

This section of code does not initialize $is_admin to Flase, if Register_globals is on, then we submit http://www.sectop.com/ex1.php?is_admin=true directly, You can bypass the validation of Check_admin ():

Example 2:

    1. ex2.php

    2. if (Isset ($_session["username"))

    3. {

    4. Do_something ();

    5. }

    6. Else

    7. {

    8. Echo"You are not logged in!";

    9. }

    10. ?>

When Register_globals=on, we commit http://www.sectop.com/ex2.php?_session[username]=dodo, we have this user's permission so no matter register_ Globals why, we have to remember that for any transmitted data to be carefully verified, the variables are initialized.

Safe_mode

In Safe mode, PHP is used to restrict access to documents, restrict access to environment variables, and control the execution of external programs. Enable

Safe Mode must set Safe_mode=on in PHP.ini

1. Restricting file access

Safe_mode_include_dir= "/path1:/path2:/path3"

Separate folders separated by colons

2. Restricting access to environment variables

Safe_mode_allowed_env_vars=string

Specifies that the PHP program can change the prefix of the environment variables, such as: Safe_mode_allowed_env_vars=php_, when the value of this option is NULL, then PHP can change any environment variables

Safe_mode_protected_env_vars=string is used to specify the prefixes of environment variables that the PHP program cannot change.

3. Restricting the execution of external programs

Safe_mode_exec_dir=string

The folder path specified by this option affects system, exec, Popen, PassThru, and does not affect Shell_exec and "".

Disable_functions=string

Different function names are separated by commas, and this option is not affected by Safe mode.

Magicquotes

Used to automatically escape the input information of the PHP program, all single quotes ("'"), double quotes ("" "), backslashes (" \ ") and null characters (NULL) are automatically added with backslashes to escape magic_quotes_gpc=on to set Magicquotes to ON, It affects HTTP request data (GET, POST, Cookies) programmers can also use Addslashes to escape submitted HTTP request data, or use Stripslashes to remove escapes.

PHP Vulnerability Full solution (a) the security of the PHP website

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.