5up3rh3iblog
Today I saw the "PHP parsing and encoding" problem mentioned in a blog post at http://hi.baidu.com/toby57/blog/item/abec95514dccdc2942a75b96.html:
<?
$a = '[E5 5C]';   // [E5 5C] stands for one double-byte character stored in the file as the bytes E5 5C
$b = ';phpinfo();//';
?>
So I went to ryat to discuss the nature of this issue [although it was a long discussion]. In fact, security problems caused by multi-byte encodings were a very popular topic around the world back in '08, and related talks appeared at conferences such as Black Hat. Those looked at the issue from the "encoding" perspective rather than from the application perspective, for example the PHP processing problem above.
In fact, the essence of the code above is that PHP processes its input as single bytes.
It is easy to understand: the character is encoded as E55C. Because PHP works byte by byte, it ends up handling E5 and 5C as two independent bytes, and 5C is \, so the code is equivalent to:
<?
// [E5] is the leftover first byte; the second byte, 5C, is read as a backslash
$a = '[E5]\';
$b = ';phpinfo();//';
?>
The \ escapes the ' that follows it, so the string does not end where it appears to, and phpinfo() is executed.
From this we can see that when multi-byte encodings are involved, programs that process data one byte at a time are likely to cause security problems because of "inconsistent standards".
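The mismatch described above can be checked mechanically. The following is an added example, not code from the original post: it delimits the first single-quoted literal once byte by byte and once after decoding, and reports where the two readings differ. The helper names, the simplified quoting rule (backslash escapes the next unit) and the choice of GBK as the file encoding are assumptions; the sample bytes are constructed from the E5 5C case above.

```python
ENCODING = "gbk"  # assumption: the page does not say which double-byte encoding the file uses

def literal_end(units, quote, backslash):
    """Index of the quote closing a single-quoted literal that opens at units[0], or -1."""
    i = 1
    while i < len(units):
        if units[i] == backslash:
            i += 2                      # a backslash swallows the unit after it
        elif units[i] == quote:
            return i
        else:
            i += 1
    return -1

def byte_view(src):
    """First literal as a lexer that walks the file one byte at a time delimits it."""
    start = src.index(b"'")
    end = literal_end(src[start:], 0x27, 0x5C)
    return src[start:] if end < 0 else src[start:start + end + 1]

def char_view(src, encoding=ENCODING):
    """First literal as an encoding-aware reader (editor, reviewer) delimits it."""
    text = src.decode(encoding)
    start = text.index("'")
    end = literal_end(text[start:], "'", "\\")
    return text[start:] if end < 0 else text[start:start + end + 1]

def views_disagree(src, encoding=ENCODING):
    return byte_view(src) != char_view(src, encoding).encode(encoding)

def trail_5c_before_quote(src, encoding=ENCODING):
    """Byte offsets of multi-byte characters ending in 5C that sit right before a quote."""
    hits, offset = [], 0
    text = src.decode(encoding)
    for idx, ch in enumerate(text):
        raw = ch.encode(encoding)
        if len(raw) > 1 and raw[-1] == 0x5C and text[idx + 1:idx + 2] == "'":
            hits.append(offset)
        offset += len(raw)
    return hits

# Constructed sample: the page's file, with the character written as its bytes E5 5C.
SAMPLE = b"<?\n$a = '\xe5\x5c';\n$b = ';phpinfo();//';\n?>"
CLEAN = b"<?\n$a = 'abc';\n$b = 'def';\n?>"

if __name__ == "__main__":
    print(byte_view(SAMPLE), char_view(SAMPLE).encode(ENCODING))
    print(views_disagree(SAMPLE), trail_5c_before_quote(SAMPLE))
```

A file for which the two views disagree is one where a reviewer reading decoded text sees a different program from the one a byte-oriented parser runs.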
In my discussion with ryat, he insisted that it was a file encoding problem. In my opinion, PHP's single-byte processing is the key to the problem ... in fact, the difference comes from how each of us looked at the problem ....
Stated as a broad proposition, we should say: security issues may be caused by inconsistent standards among programmers in how they deal with a problem.