1. Uninitialized global variables. This vulnerability is very difficult to find. The chance of finding one outside a CMS is 0, though maybe my personal level is not enough. However, once it succeeds, it can be a webshell straight away. I personally think the operation is very difficult.
2. .bak files leaking MySQL database information. You can write a shell directly, or even, on websites that are not on virtual hosts, use cmd directly. For example, conn.php.bak. I don't know how these .bak files get generated; inexplicable. Generally the successes are mostly on virtual hosts. Otherwise there is a hardware firewall and the outside world cannot connect with any software, or some simply do not open port 3306, so localhost is required. However, if you have a website, you can use phpMyAdmin.
3. Weak passwords.
4. Injection. As mentioned in two previous articles on the forum, one about GetPost backend authentication security and one about a gov injection instance. If you do not have sufficient permissions, you can check the boss's Q blog. See whether you can find my boss's Q number to check your level.
After reading the instance article, you can see the old version of the DeDeCMS injection EXP in practice. Although the injection vulnerability is easy to find, its initiative is not enough, and the chance of getting a webshell is not high.
5. Getting a webshell directly. It is purely a matter of luck. The container for PHP websites is generally Apache, and the IIS 6.0 file name parsing problem does not exist. Upload directly through an upload component that does no authorization check in the backend. jpg and gif files separated by semicolons are useless; php can only be passed directly, so it is a matter of luck.
It is also worth mentioning the Korean Education Bureau (edu.kr): how was it done by me? The website has a download component that uses GET to get the path of the file to be downloaded. I directly changed it to a PHP file of the website. After downloading, from the data in the include I obtained the MySQL information of eight second-level domain names (www also counts as a second-level domain name), including the main site. However, I tried countless methods and none could connect. Pinging the database IP address gives no response, yet over HTTP the IP addresses are the Education Bureau's websites. Later, after wearing my shoes out, I spent no more effort trying to connect to MySQL directly.
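The download component in the edu.kr story above accepts a file path from GET and serves whatever it names, which is how the include files with the MySQL credentials got read. A hardened handler, as an added example (not code from the original post or from any real site; the directory layout and extension list are assumed), pins every request inside a dedicated downloads directory and refuses anything else:

```php
<?php
// Added example (not from the original post): a download handler that only
// serves files from a dedicated downloads directory, so the "file" parameter
// cannot be pointed at the site's own PHP or include files.
// Assumed layout (hypothetical): /var/www/site/downloads holds public files;
// the include files holding MySQL credentials live elsewhere under /var/www/site.
declare(strict_types=1);

const DOWNLOAD_BASE = '/var/www/site/downloads';
const ALLOWED_EXT   = ['pdf', 'zip', 'doc', 'docx', 'xls', 'xlsx'];
/**
 * Return the absolute path of a file that may be served, or null.
 * realpath() collapses "../" and symlinks; the result must then sit under
 * the base directory (checked with a trailing "/" so a sibling directory
 * whose name merely starts with the base name does not match).
 */
function resolve_download(string $requested, string $base = DOWNLOAD_BASE): ?string
{
    if ($requested === '' || strpos($requested, "\0") !== false) {
        return null;                       // empty name or NUL byte
    }
    $baseReal = realpath($base);
    if ($baseReal === false) {
        return null;                       // base directory missing: fail closed
    }
    $candidate = realpath($baseReal . '/' . $requested);
    if ($candidate === false || !is_file($candidate)) {
        return null;                       // does not exist or not a regular file
    }
    if (strncmp($candidate, $baseReal . '/', strlen($baseReal) + 1) !== 0) {
        return null;                       // resolved outside the downloads directory
    }
    $ext = strtolower(pathinfo($candidate, PATHINFO_EXTENSION));
    if (!in_array($ext, ALLOWED_EXT, true)) {
        return null;                       // never serve .php, .bak, .inc, ...
    }
    return $candidate;
}
// Rejected requests get a 404 plus a log line; the logged value is what to alert on.
$path = is_string($_GET['file'] ?? null) ? resolve_download($_GET['file']) : null;
if ($path === null) {
    error_log('download rejected: ' . var_export($_GET['file'] ?? null, true)
        . ' from ' . ($_SERVER['REMOTE_ADDR'] ?? '-'));
    http_response_code(404);
    exit;
}
header('Content-Type: application/octet-stream');
header('Content-Disposition: attachment; filename="' . basename($path) . '"');
readfile($path);
```

Serving files by an opaque ID looked up in a database, rather than by any user-supplied name, removes the path parameter altogether and is the cleaner design where the application allows it.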