PHP remote vulnerability analysis. Almost all CGI programs have such bugs, but they show up in different ways.
I. Dangerous functions involved (include(), require(), include_once(), require_once())
include() & require() statements: include and run the specified file.
These two constructs are identical except for how they handle failure. include() generates a warning, while require() causes a fatal error. In other words, if you want page processing to stop when a file is missing, use require(). include() does not behave this way; the script continues to run.
If "allow_url_fopen" is activated in PHP (it is in the default configuration), a URL (over HTTP or another supported wrapper) can be used instead of a local file to specify the file to include. If the target server interprets the target file as PHP code, variables can be passed to the included file using a URL request string, as with HTTP GET.
http://cn.php.net/manual/en/function.include.php
require_once() & include_once()
The require_once() and include_once() statements include and run the specified file during script execution. This behavior is similar to the require() statement. The only difference is that if the code in the file has already been included, it will not be included again. They are meant for situations where the same file may be included more than once during script execution and you want to ensure that it is included only once, to avoid function redefinition and variable reassignment.
http://cn.php.net/manual/en/function.require-once.php
II. Why file inclusion?
When programmers write programs, they do not like to do the same thing or write the same code (such as some common functions) several times. The shared code is therefore written in a separate file, such as share.php, and then included from the other files. In PHP, the functions listed above are used for this. The workflow is as follows: for a file to include share.php, I write include("share.php"), and the functions in share.php can then be used. When the name of the file to include is hard-coded like this, there is no problem and no vulnerability. So what exactly is the problem?
Sometimes you may not be sure which file to include. For example, let's look at the index.php code below:
[Code]
if ($_GET
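The request-driven include that this section introduces, set beside an allowlist-based replacement, as an added example that is not the original page's code. The `page` parameter, the `PAGES` map, the file names and `resolve_page()` are assumptions, since the page's own index.php listing is cut off.

```php
<?php
// Added example, not from the original page. The parameter name "page" and
// the file names home.php / share.php are assumptions for illustration.

// Pattern the section warns about: the request decides the include target.
//   include($_GET['page']);

// Hardened form: the request value is only a key into a fixed allowlist.
const PAGES = ['home' => 'home.php', 'share' => 'share.php'];

function resolve_page(?string $requested, string $baseDir): ?string
{
    // Anything that is not an exact allowlist key is rejected outright.
    if ($requested === null || !array_key_exists($requested, PAGES)) {
        return null;
    }
    $base = realpath($baseDir);
    $path = realpath($baseDir . DIRECTORY_SEPARATOR . PAGES[$requested]);
    // Defence in depth: the file must exist and resolve inside $baseDir.
    if ($base === false || $path === false
        || strncmp($path, $base . DIRECTORY_SEPARATOR, strlen($base) + 1) !== 0) {
        return null;
    }
    return $path;
}

// Constructed sample files so the script runs offline from the PHP CLI.
$baseDir = sys_get_temp_dir() . DIRECTORY_SEPARATOR . 'include_demo_' . getmypid();
mkdir($baseDir);
foreach (PAGES as $key => $file) {
    file_put_contents("$baseDir/$file", "<?php echo '  [$key included]', PHP_EOL;");
}

// Settings that control whether URLs are accepted as file names at all.
printf("allow_url_fopen=%s allow_url_include=%s\n",
    var_export(ini_get('allow_url_fopen'), true),
    var_export(ini_get('allow_url_include'), true));

// Constructed request values: two valid keys, an unknown name, a URL, none.
foreach (['home', 'share', 'admin', 'http://example.invalid/x.txt', null] as $value) {
    $file = resolve_page($value, $baseDir);
    printf("%-32s => %s\n", var_export($value, true), $file ?? 'rejected');
    if ($file !== null) {
        require $file;   // only ever a path taken from PAGES
    }
}

// Remove the constructed files.
array_map('unlink', glob("$baseDir/*.php"));
rmdir($baseDir);
```

In a real index.php the value passed to `resolve_page()` would be `$_GET['page'] ?? null`, and a `null` result should produce a 404 rather than fall through to a default include.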