The risk of PHP opening remote files

Source: Internet
Author: User

PHP has a configuration option called Allow_url_fopen, Venetian Casino This option is valid by default. It allows you to point to many types of resources and handle them like local files. For example, by reading a URL you can get the content of a page (HTML):

<?php$contents = file_get_contents (' http://www.nowamagic.net/');? >

When contaminated data is used for include and require file pointing, a serious vulnerability is created. In fact, I think this vulnerability is one of the most dangerous vulnerabilities in PHP applications because it allows an attacker to execute arbitrary code. Although the severity is almost at the level, a similar vulnerability arises when the contaminated data is used in a standard file system function:

<?php$contents = file_get_contents ($_get[' filename ');? >

This example enables the user to manipulate the behavior of the file_get_contents () so that it obtains the contents of the remote resource. Consider a request similar to the following:

Http://example.org/file.php?file ... mple.org%2fxss.html

This leads to a situation where the value of the $content is contaminated, and because this value is obtained indirectly, it is possible to overlook this fact. This is also the depth of defense principle will regard the file system as a remote data source, but also depending on the value of $content as input, so that your filtering mechanism will potentially play a role in the future.

Because the $content value is contaminated, it can lead to multiple security vulnerabilities, including cross-site scripting vulnerabilities and SQL injection vulnerabilities. For example, here is an example of a cross-site scripting vulnerability:

<?php$contents = file_get_contents ($_get[' filename '); echo $contents;? >

The solution is never to use contaminated data to point to a file name. Keep filtering the input and be sure to filter the data before it points to a file name:

<?php$clean = Array ();/* Filter Input ($_get[' filename ') */$contents = file_get_contents ($clean [' filename ']);? >

Although there is no guarantee that the data in the $content is completely free, there is a reasonable guarantee that the file you are reading is the one you want to read, not the attacker's designation. To enhance the security of this process, you also need to think of $content as input and filter it before use.

<?php$clean = Array (), $html = Array (),/* Filter Input ($_get[' filename ') */$contents = file_get_contents ($clean [' FileName ']);/* Filter Input ($contents) */$html [' contents '] = htmlentities ($clean [' contents '], ent_quotes, ' UTF-8 '); echo $html [' contents '];? >

The above process provides a powerful way to protect against multiple attacks, and is recommended for practical programming.

The risk of PHP opening remote files

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.