1. Command injection
2. eval injection
3. Client-side script insertion
4. Cross-site scripting (XSS)
5. SQL injection
6. Cross-site request forgery (CSRF)
7. Session hijacking
8. Session fixation
9. HTTP response splitting
10. File upload vulnerabilities
11. Directory traversal
12. Remote file inclusion
13. Dynamic function injection (dynamic variable evaluation)
14. URL attacks
15. Spoofed form submissions
16. Spoofed HTTP requests
Later installments of this series will cover, one by one, the principle behind each of these vulnerabilities and how to defend against it.
Several important php.ini options
Register Globals
Since PHP 4.2.0 the default value of the register_globals option in php.ini is Off. When register_globals is set to On, a script receives all kinds of variables from the server environment as ordinary globals, including variables submitted through forms. Because PHP does not require variables to be initialised before use, this creates a serious security risk.
Example 1:
// check_admin() checks the current user's privileges; if the user is admin it sets
// $is_admin to true. The code below then tests that variable and, if it is true,
// performs some administrative operations.
// ex1.php
<?php
if (check_admin())
{
    $is_admin = true;
}
if ($is_admin)   // never initialised: with register_globals=On a request parameter can set it
{
    do_something();
}
?>
This code never initialises $is_admin to false. If register_globals is On, simply requesting http://www.sectop.com/ex1.php?is_admin=true bypasses the check_admin() check.
Example 2:
// ex2.php
<?php
// note: the script relies on $_SESSION without ever calling session_start()
if (isset($_SESSION["username"]))
{
    do_something();
}
else
{
    echo "您尚未登录!";   // "You are not logged in yet!"
}
?>
When register_globals=On, submitting http://www.sectop.com/ex2.php?_SESSION[username]=dodo gives us that user's privileges.
So whatever register_globals is set to, remember: every piece of data received from the client must be carefully validated, and variables must be initialised.
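A hardened rewrite of the two examples above, added here as an illustration and not taken from the original article: it refuses to run while register_globals is still on, initialises every decision variable before use, and reads session state only from $_SESSION after session_start(). check_admin(), do_something() and the "role" session key are assumed placeholders; "username" is the session key the article uses.

```php
<?php
// Added example, not code from the original article: a hardened rewrite of
// ex1.php and ex2.php. check_admin(), do_something() and the "role" session
// key are assumed placeholders; "username" is the session key the article uses.

// Fail closed if the dangerous directive is still enabled. Only meaningful on
// PHP < 5.4: the directive was removed later, and ini_get() then returns false.
if (ini_get('register_globals')) {
    header('HTTP/1.1 503 Service Unavailable');
    exit('register_globals must be Off in php.ini');
}

session_start(); // must run before any output is sent

// Assumed privilege check: trusts only data loaded from the session store.
function check_admin()
{
    return isset($_SESSION['role']) && $_SESSION['role'] === 'admin';
}

function do_something()
{
    echo "privileged operation executed\n"; // placeholder for the real action
}

// ex1 hardened: the decision variable is initialised before any branch, so a
// request parameter cannot seed it even if register_globals were On.
$is_admin = false;
if (check_admin()) {
    $is_admin = true;
}
if ($is_admin === true) {
    do_something();
}

// ex2 hardened: session state is read only from $_SESSION after session_start();
// a request that tries to supply its own "_SESSION" parameter is logged.
if (isset($_GET['_SESSION']) || isset($_POST['_SESSION'])) {
    $from = isset($_SERVER['REMOTE_ADDR']) ? $_SERVER['REMOTE_ADDR'] : 'unknown';
    error_log('request tried to supply _SESSION directly from ' . $from);
}
if (isset($_SESSION['username']) && is_string($_SESSION['username'])) {
    do_something();
} else {
    echo "您尚未登录!"; // "You are not logged in yet!"
}
```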
safe_mode
Safe mode is PHP's mechanism for restricting file access, restricting access to environment variables, and controlling the execution of external programs. To enable it, set safe_mode = On in php.ini.
1. Restricting file access
safe_mode_include_dir = "/path1:/path2:/path3"
Separate multiple directories with colons.
2. Restricting access to environment variables
safe_mode_allowed_env_vars = string
Specifies the prefixes of the environment variables that a PHP script is allowed to change, e.g. safe_mode_allowed_env_vars = PHP_ . When this option is left empty, PHP may change any environment variable.
safe_mode_protected_env_vars = string
Specifies the prefixes of the environment variables that a PHP script may not change.
3. Restricting execution of external programs
safe_mode_exec_dir = string
The directory path given by this option applies to system, exec, popen and passthru; it does not apply to shell_exec or the backtick operator (` `).
disable_functions = string
Function names are separated by commas. This option is independent of safe mode.
magic quotes
Makes PHP escape incoming data automatically: every single quote ('), double quote ("), backslash (\) and NUL character is escaped with a leading backslash.
magic_quotes_gpc = On turns magic quotes on; it applies to HTTP request data (GET, POST and cookies).
Programmers can also call addslashes to escape submitted HTTP request data themselves, or stripslashes to remove the escaping.