Each subsequent installment will introduce the principles of these vulnerabilities and how to defend them.
A few important php.ini options
Register Globals
The default value of the Register_globals option for Php>=4.2.0,php.ini is preset to off, and when Register_globals is set to ON, the program can receive various environment variables from the server, including the variables submitted by the form. And because PHP does not have to initialize the value of the variable beforehand, which leads to a large security risk.
Example 1:
Check_admin () is used to check the current user permissions, and if the admin setting is $is_admin the variable is true, then the following determines whether this variable is true and then performs some management actions
ex1.php
if (Check_admin ())
{
$is _admin = true;
}
if ($is _admin)
{
Do_something ();
}
?>
This section of code does not initialize $is_admin to Flase, if Register_globals is on, then we submit http://www.sectop.com/ex1.php?is_admin=true directly, You can bypass the validation of Check_admin ()
Example 2:
ex2.php
if (Isset ($_session["username"))
{
Do_something ();
}
Else
{
echo "You are not logged in!";
}
?>
When Register_globals=on, we submit =dodo]http://www.sectop.com/ex2.php?_session[username]=dodo, we have this user's permission
So regardless of register_globals why, we have to remember that for any transmitted data to be carefully verified, the variable is initialized
Safe_mode
In Safe mode, PHP is used to restrict access to documents, restrict access to environment variables, and control the execution of external programs. Enable Safe Mode must set Safe_mode = on in php.ini
1. Restricting file access
Safe_mode_include_dir = "/path1:/path2:/path3″
Separate folders separated by colons
2. Restricting access to environment variables
Safe_mode_allowed_env_vars = string
Specifies that the PHP program can change the prefix of the environment variables, such as: Safe_mode_allowed_env_vars = Php_, when the value of this option is NULL, then PHP can change any environment variables
Safe_mode_protected_env_vars = string
Prefix used to specify an immutable environment variable for PHP programs
3. Restricting the execution of external programs
Safe_mode_exec_dir = string
The folder path specified by this option affects system, exec, Popen, PassThru, and does not affect Shell_exec and "".
Disable_functions = string
Different function names are separated by commas, and this option is not affected by Safe mode
Magic Quotes
Used to automatically escape the input information of the PHP program, all single quotes ("'"), double quotes ("" "), backslashes (" \ ") and null characters (null), are automatically escaped with backslashes
MAGIC_QUOTES_GPC = On is used to set the magic quotes to on, which affects HTTP request data (GET, POST, Cookies)
Programmers can also use Addslashes to escape submitted HTTP request data, or use Stripslashes to remove escape
The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion;
products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the
content of the page makes you feel confusing, please write us an email, we will handle the problem
within 5 days after receiving your email.
If you find any instances of plagiarism from the community, please send an email to:
info-contact@alibabacloud.com
and provide relevant evidence. A staff member will contact you within 5 working days.
