phpinfo()
Function description: Outputs PHP environment information and related modules, web environment and other information.
Danger level: Medium
passthru()
Function description: Executes an external program and echoes its output, similar to exec().
Danger level: High
exec()
Function description: Executes an external program (such as a UNIX shell or CMD command).
Danger level: High
system()
Function description: Executes an external program and echoes its output, similar to passthru().
Danger level: High
chroot()
Function description: Changes the root directory of the current PHP process. It works only when the system supports PHP in CLI mode, and this function does not apply to Windows systems.
Danger level: High
scandir()
Function description: Lists the files and directories in the specified path.
Danger level: Medium
chgrp()
Function description: Changes the user group to which a file or directory belongs.
Danger level: High
chown()
Function description: Changes the owner of a file or directory.
Danger level: High
shell_exec()
Function description: Executes a command through the shell and returns the result as a string.
Danger level: High
proc_open()
Function description: Executes a command and opens file pointers for reading and writing.
Danger level: High
proc_get_status()
Function description: Gets information about a process that was opened using proc_open().
Danger level: High
error_log()
Function description: Sends error messages to the specified location (file).
Security note: In some versions of PHP, error_log() can be used to bypass PHP safe mode and execute arbitrary commands.
Danger level: Low
ini_alter()
Function description: An alias of ini_set() with the same behavior. See ini_set() for details.
Danger level: High
ini_set()
Function description: Modifies or sets PHP environment configuration parameters.
Danger level: High
ini_restore()
Function description: Restores PHP environment configuration parameters to their initial values.
Danger level: High
dl()
Function description: Loads an external PHP module while PHP is running (rather than at startup).
Danger level: High
pfsockopen()
Function description: Establishes a persistent socket connection in the Internet or UNIX domain.
Danger level: High
syslog()
Function description: Invokes the system-level syslog() function of the UNIX system.
Danger level: Medium
readlink()
Function description: Returns the contents of the destination file that the symbolic link points to.
Danger level: Medium
symlink()
Function description: Creates a symbolic link on a UNIX system.
Danger level: High
popen()
Function description: A command can be passed through the parameters of popen(), and the file opened by popen() is executed.
Danger level: High
stream_socket_server()
Function description: Establishes an Internet or UNIX server connection.
Danger level: Medium
putenv()
Function description: Changes the system character set environment while PHP is running. In PHP versions below 5.2.6, after this function has modified the system character set environment, the sendmail command can be used to send special parameters that execute system shell commands.
Danger level: High
To disable these functions:
Open the /etc/php.ini file,
find disable_functions, and add the names of the functions you want to disable, as follows:
phpinfo,eval,passthru,exec,system,chroot,scandir,chgrp,chown,shell_exec,proc_open,proc_get_status,ini_alter,ini_restore,dl,pfsockopen,openlog,syslog,readlink,symlink,popen,stream_socket_server,fsockopen
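The following is an added example, not part of the original page: a small Python audit that reads the text of a php.ini, extracts the active disable_functions value, and reports which of the functions listed above are still enabled, grouped by the danger level this page assigns. The names PAGE_LEVELS, SAMPLE_INI, parse_disable_functions and audit are hypothetical, and the sample configuration is constructed.

```python
import re

# Danger levels exactly as this page lists them.
PAGE_LEVELS = {
    "high": ["passthru", "exec", "system", "chroot", "chgrp", "chown",
             "shell_exec", "proc_open", "proc_get_status", "ini_alter",
             "ini_set", "ini_restore", "dl", "pfsockopen", "symlink",
             "popen", "putenv"],
    "medium": ["phpinfo", "scandir", "syslog", "readlink",
               "stream_socket_server"],
    "low": ["error_log"],
}

# Constructed sample php.ini: one commented-out directive, one active
# directive containing a run-together name ("popepassthru").
SAMPLE_INI = """\
[PHP]
;disable_functions = exec,system,popen
disable_functions = "passthru,exec, system,shell_exec,popepassthru,proc_open"
"""

def parse_disable_functions(ini_text):
    """Return the names from the last active disable_functions directive."""
    names = []
    for raw in ini_text.splitlines():
        line = raw.split(";", 1)[0].strip()          # drop ';' comments
        m = re.match(r"disable_functions\s*=\s*(.*)$", line)
        if m:                                        # a later line replaces an earlier one
            value = m.group(1).strip().strip("\"'")
            names = [n for n in re.split(r"[,\s]+", value) if n]
    return names

def audit(ini_text):
    """Return (functions still enabled per level, entries not on the page's list)."""
    disabled = parse_disable_functions(ini_text)
    known = {f for funcs in PAGE_LEVELS.values() for f in funcs}
    # Assumption: names are compared exactly as written (no case folding),
    # so a mistyped or oddly cased entry counts as not disabled.
    missing = {lvl: [f for f in funcs if f not in disabled]
               for lvl, funcs in PAGE_LEVELS.items()}
    unrecognised = [n for n in disabled if n not in known]
    return missing, unrecognised

if __name__ == "__main__":
    missing, unrecognised = audit(SAMPLE_INI)
    for lvl, funcs in missing.items():
        print(f"{lvl}: not disabled -> {', '.join(funcs) or 'none'}")
    print("check for typos:", ", ".join(unrecognised) or "none")
```

On the sample, popen is reported as still enabled because the only entry resembling it is the run-together popepassthru, which is surfaced separately for review.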