Several PHP vulnerabilities that need attention
Several important php. ini options
Register Globals
Php> = 4.2.0, php. the default value of the register_globals option of ini is Off. When register_globals is set to On, the program can receive various environment variables from the server, including the variables submitted by the form, in addition, PHP does not need to initialize the variable value in advance, which leads to great security risks.
Example 1:
Copy codeThe Code is as follows: // check_admin () is used to check the current user permission. If the $ is_admin variable is set to true for admin, the following code checks whether the variable is true and then performs management operations.
// Ex1.php
If (check_admin ())
{
$ Is_admin = true;
}
If ($ is_admin)
{
Do_something ();
}
?>
This Code Section does not initialize $ is_admin to Flase in advance. If register_globals is On, then we directly submit the http://www.sectop.com/ex1.php? If is_admin = true, the check_admin () verification can be bypassed.
Example 2:Copy codeThe Code is as follows: // ex2.php
If (isset ($ _ SESSION ["username"])
{
Do_something ();
}
Else
{
Echo "You have not logged on! ";
}
?>
Copy codeThe Code is as follows: // ex1.php
$ Dir = $ _ GET ["dir"];
If (isset ($ dir ))
{
Echo "";
System ("ls-al". $ dir );
Echo "";
}
?>
Mixed eval (string code_str) // eval injection generally occurs when attackers can control input strings.
// Ex2.phpCopy codeThe Code is as follows:
$ Var = "var ";
If (isset ($ _ GET ["arg"])
{
$ Arg = $ _ GET ["arg"];
Eval ("$ var = $ arg ;");
Echo "$ var =". $ var;
}
?>