Several important php.ini options
Register Globals
For PHP >= 4.2.0, the default value of the register_globals option in php.ini is Off. When register_globals is set to On, the program receives the various environment variables from the server, including the variables submitted by forms, as ordinary PHP variables. Since PHP does not require a variable to be initialised before it is used, this leads to serious security risks.
Example 1:
// check_admin() checks the permissions of the current user. If the check succeeds, $is_admin is set to true; the code below then tests that variable and performs some management operations.
// ex1.php
<?php
// check_admin() and do_something() are assumed to be defined elsewhere in the application.
if (check_admin())
{
    $is_admin = true;
}
if ($is_admin)
{
    do_something();
}
?>
This code does not initialise $is_admin to false in advance. If register_globals is On, we can directly request http://www.sectop.com/ex1.php?is_admin=true and the check_admin() verification is bypassed.
Example 2:
// ex2.php
<?php
if (isset($_SESSION["username"]))
{
    do_something();
}
else
{
    echo "You have not logged on!";
}
?>
// ex1.php
<?php
$dir = $_GET["dir"];
if (isset($dir))
{
    echo "<pre>";   // HTML tag assumed; the original markup was stripped during extraction
    system("ls -al " . $dir);   // $dir goes straight into the shell command
    echo "</pre>";
}
?>
mixed eval(string $code_str) // eval injection generally occurs when an attacker can control the input string.
// ex2.php
<?php
$var = "var";
if (isset($_GET["arg"]))
{
    $arg = $_GET["arg"];
    eval("\$var = $arg;");   // $arg is interpolated into the code string that eval() executes
    echo "\$var = " . $var;
}
?>
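Hardened counterparts of the three patterns above (uninitialised $is_admin, $dir passed to system(), $arg passed to eval()), as an added example that is not part of the original page; the function names, the $base directory and the integer rule for $arg are assumptions made for the illustration.

```php
<?php
// Added example, not from the original page. All names below are illustrative.

// Pattern 1: initialise any state that an authorisation check sets.
// With register_globals=On an uninitialised $is_admin can be seeded from
// the request; an explicit default closes that path regardless of the setting.
function admin_action_hardened(bool $check_admin_result): bool
{
    $is_admin = false;                 // explicit default, never request-controlled
    if ($check_admin_result) {
        $is_admin = true;
    }
    return $is_admin;                  // the caller acts only when this is true
}

// Pattern 2: never splice request data into a shell string. Resolve the
// path, confine it to an allow-listed base directory (assumed here) and
// quote it with escapeshellarg() before it reaches the shell.
function list_dir_hardened(string $dir, string $base = '/var/www/public'): string
{
    $baseReal = realpath($base);
    $real     = realpath($base . DIRECTORY_SEPARATOR . $dir);
    if ($baseReal === false || $real === false
        || ($real !== $baseReal && strpos($real, $baseReal . DIRECTORY_SEPARATOR) !== 0)) {
        throw new InvalidArgumentException('directory outside allowed base');
    }
    $out = shell_exec('ls -al ' . escapeshellarg($real));
    return is_string($out) ? $out : '';
}

// Pattern 3: eval() on request input is code injection by construction.
// ex2.php only needs to assign a value, so validate the expected shape
// (an integer is assumed here) and assign it directly, with no eval().
function assign_hardened(string $arg): int
{
    if (!preg_match('/^-?\d+$/', $arg)) {
        throw new InvalidArgumentException('arg must be an integer');
    }
    return (int) $arg;
}

// Usage with constructed inputs:
var_dump(admin_action_hardened(false));   // bool(false)
var_dump(assign_hardened('42'));          // int(42)
try {
    assign_hardened('42; x');             // anything beyond an integer is rejected
} catch (InvalidArgumentException $e) {
    echo $e->getMessage(), "\n";
}
```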