4lqedz posted on 2024-7-11 17:40:32

[Basics] PHP Source Code Auditing


    <p style="font-size: 16px; color: black; line-height: 40px; text-align: left; margin-bottom: 15px;">About the tool: RIPS is an auditing tool developed in PHP, so anyone with an environment that can run PHP can easily audit PHP code. If you are interested, you can learn more on your own at the official site <a style="color: black;">http://rips-scanner.sourceforge.net/</a></p>
    <p style="font-size: 16px; color: black; line-height: 40px; text-align: left; margin-bottom: 15px;">About the download: the environment I use here is phpStudy. After downloading RIPS, unzip it into the phpStudy root directory and it is ready to use; visit localhost/rips in a browser to reach the main interface.</p>
    <p style="font-size: 16px; color: black; line-height: 40px; text-align: left; margin-bottom: 15px;">First, open the audit environment we have set up:</p>

    <div style="color: black; text-align: left; margin-bottom: 10px;"><img src="https://pic2.zhimg.com/80/v2-fc72457f3edd5edda798963d2be7bcc5_720w.webp" style="width: 50%; margin-bottom: 20px;"></div>
    <p style="font-size: 16px; color: black; line-height: 40px; text-align: left; margin-bottom: 15px;">From the figure below we can see the vulnerabilities this audit tool supports, which is what are commonly called regular expressions:</p>
    <div style="color: black; text-align: left; margin-bottom: 10px;"><img src="https://pic3.zhimg.com/80/v2-d474784ae56b1cffcbe18edebd469562_720w.webp" style="width: 50%; margin-bottom: 20px;"></div>
    <p style="font-size: 16px; color: black; line-height: 40px; text-align: left; margin-bottom: 15px;">Of course, you can also write your own regular expressions for it:</p>
    <p style="font-size: 16px; color: black; line-height: 40px; text-align: left; margin-bottom: 15px;">We copy the path that needs to be audited:</p>
    <div style="color: black; text-align: left; margin-bottom: 10px;"><img src="https://pic2.zhimg.com/80/v2-d8aeefab16050c98369f5e518e0b933d_720w.webp" style="width: 50%; margin-bottom: 20px;"></div>
    <p style="font-size: 16px; color: black; line-height: 40px; text-align: left; margin-bottom: 15px;">Enter it in the path field and click to start the scan:</p>
    <div style="color: black; text-align: left; margin-bottom: 10px;"><img src="https://pic1.zhimg.com/80/v2-ef66e4ed769c0fe8dc8a1a5d0a053454_720w.webp" style="width: 50%; margin-bottom: 20px;"></div>
    <p style="font-size: 16px; color: black; line-height: 40px; text-align: left; margin-bottom: 15px;">Let's look at the results:</p>
    <div style="color: black; text-align: left; margin-bottom: 10px;"><img src="https://pic4.zhimg.com/80/v2-e19d0ed4f6ed0db6b8925329fdc7db8b_720w.webp" style="width: 50%; margin-bottom: 20px;"></div>
    <p style="font-size: 16px; color: black; line-height: 40px; text-align: left; margin-bottom: 15px;">We can see that they include file inclusion, remote script attacks, and so on...</p>
    <p style="font-size: 16px; color: black; line-height: 40px; text-align: left; margin-bottom: 15px;">Via the parameter definition, we jump to the line number where the issue may exist:</p>
    <div style="color: black; text-align: left; margin-bottom: 10px;"><img src="https://pic2.zhimg.com/80/v2-f2f4df822041b8a213c051499cddeb79_720w.webp" style="width: 50%; margin-bottom: 20px;"></div>
    <p style="font-size: 16px; color: black; line-height: 40px; text-align: left; margin-bottom: 15px;">Someone may ask: what if I don't know how to reproduce it?</p>
    <p style="font-size: 16px; color: black; line-height: 40px; text-align: left; margin-bottom: 15px;">Here is a brief explanation of the reproduction principle:</p>
    <div style="color: black; text-align: left; margin-bottom: 10px;"><img src="https://pic1.zhimg.com/80/v2-fee2a6c1f1dc812e84211c2f407a0cec_720w.webp" style="width: 50%; margin-bottom: 20px;"></div>
    <p style="font-size: 16px; color: black; line-height: 40px; text-align: left; margin-bottom: 15px;">As we can see in the figure above, it includes a file path, the file name, the code parameter, and the check.</p>
    <p style="font-size: 16px; color: black; line-height: 40px; text-align: left; margin-bottom: 15px;">1: Verify whether the local file is accessible from outside</p>
    <p style="font-size: 16px; color: black; line-height: 40px; text-align: left; margin-bottom: 15px;">2: Test against the corresponding audit result</p>
    <p style="font-size: 16px; color: black; line-height: 40px; text-align: left; margin-bottom: 15px;">3: Write a payload statement to determine whether the parameter is controllable</p>
    <p style="font-size: 16px; color: black; line-height: 40px; text-align: left; margin-bottom: 15px;">Of course there are other ways:</p>
    <p style="font-size: 16px; color: black; line-height: 40px; text-align: left; margin-bottom: 15px;">According to the hint above, this is a file inclusion vulnerability:</p>
    <p style="font-size: 16px; color: black; line-height: 40px; text-align: left; margin-bottom: 15px;">We set up the statement:</p>
    <div style="color: black; text-align: left; margin-bottom: 10px;">main.php?files=
      Main.php?files=[]</div>
    <p style="font-size: 16px; color: black; line-height: 40px; text-align: left; margin-bottom: 15px;">Pay attention to the request method the source code uses when the request is issued</p>
    <div style="color: black; text-align: left; margin-bottom: 10px;"><img src="https://pic1.zhimg.com/80/v2-fb6d9d5cbb4321a65d5f9fd1000f3c64_720w.webp" style="width: 50%; margin-bottom: 20px;"></div>
    <p style="font-size: 16px; color: black; line-height: 40px; text-align: left; margin-bottom: 15px;">Note the following points:</p>
    <p style="font-size: 16px; color: black; line-height: 40px; text-align: left; margin-bottom: 15px;">1: When reproducing the results of a finished audit, be sure to view the entire statement in the source file, for example as in the figure below</p>
    <div style="color: black; text-align: left; margin-bottom: 10px;"><img src="https://pic3.zhimg.com/80/v2-5db79dea9a69be252d9d74705f564d56_720w.webp" style="width: 50%; margin-bottom: 20px;"></div>
    <p style="font-size: 16px; color: black; line-height: 40px; text-align: left; margin-bottom: 15px;">The line number flagged as problematic: go to the code and look at the functionality at that location (called segmented functional points for short)</p>
    <div style="color: black; text-align: left; margin-bottom: 10px;"><img src="https://pic1.zhimg.com/80/v2-8f5318c3a5c673b41772ad12d95eda8c_720w.webp" style="width: 50%; margin-bottom: 20px;"></div>
    <p style="font-size: 16px; color: black; line-height: 40px; text-align: left; margin-bottom: 15px;">2: During basic verification, you may find that the file is not accessible from outside; in that case we can trace the code back to the previous file, for example the initial definition:</p>
    <div style="color: black; text-align: left; margin-bottom: 10px;"><img src="https://pic4.zhimg.com/80/v2-b9fd0432ec744e857de04b6e1a08438f_720w.webp" style="width: 50%; margin-bottom: 20px;"></div>
    <p style="font-size: 16px; color: black; line-height: 40px; text-align: left; margin-bottom: 15px;">List the related payload statements:</p>
    <div style="color: black; text-align: left; margin-bottom: 10px;">Index.php?files=_/files=/
      Index.php/main.php$_post=/</div>
    <p style="font-size: 16px; color: black; line-height: 40px; text-align: left; margin-bottom: 15px;">The specific steps can be adapted entirely to the actual situation...</p>
    <div style="color: black; text-align: left; margin-bottom: 10px;"><img src="https://pic4.zhimg.com/80/v2-58f37000dbdc0a3e7281f08c8949a3bf_720w.webp" style="width: 50%; margin-bottom: 20px;"></div>
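
The triage step described in the post above (take the flagged include line, read the whole statement, and trace the variable back to see whether it is request-controlled), shown as an added example that is not part of the original post and is not RIPS code. The PHP sample, the `mod` parameter and the function names `audit` and `origin` are constructed for illustration; the check is line-based and far simpler than a real scanner.

```python
import re

# Constructed PHP sample (not the code audited in the post).
SAMPLE_PHP = '''<?php
$page = $_POST['files'];
$tpl = "templates/" . $page;
include($tpl);
$safe = "footer.php";
require_once $safe;
require $_GET['mod'] . ".php";
'''

SOURCE = re.compile(r'\$_(?:GET|POST|REQUEST|COOKIE)\b')   # user-controlled input
SINK = re.compile(r'\b(?P<fn>(?:include|require)(?:_once)?)\b\s*\(?(?P<arg>[^;]*);')
ASSIGN = re.compile(r'^\s*(\$\w+)\s*=\s*(.*);')
VAR = re.compile(r'\$\w+')

def origin(expr, tainted):
    """Return the assignment lines feeding expr, or None if it is not user-controlled."""
    if SOURCE.search(expr):
        return []
    for var in VAR.findall(expr):
        if var in tainted:
            return list(tainted[var])
    return None

def audit(php_source):
    """Line-based toy taint check: (sink line, sink keyword, trace lines) per finding."""
    tainted = {}     # variable -> assignment lines leading back to the request source
    findings = []
    for lineno, line in enumerate(php_source.splitlines(), 1):
        assign = ASSIGN.match(line)
        if assign:
            lhs, rhs = assign.groups()
            trace = origin(rhs, tainted)
            if trace is None:
                tainted.pop(lhs, None)      # overwritten with a constant: no longer tainted
            else:
                tainted[lhs] = trace + [lineno]
            continue
        sink = SINK.search(line)
        if sink:
            trace = origin(sink.group('arg'), tainted)
            if trace is not None:
                findings.append((lineno, sink.group('fn'), trace))
    return findings

print(audit(SAMPLE_PHP))
```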




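219mze posted on 2024-8-21 11:00:42

Looking back at history, it is not hard to see that countless forebears paved the broad road to the rejuvenation of the Chinese nation with their blood and lives.

听听海 posted on 2024-9-6 12:39:44

This article really taught me a lot; backlink publishing, thanks for sharing!

7wu1wm0 posted on 2024-10-2 02:18:17

Your insight is unique and I learned a lot from it, thank you very much.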


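nykek5i posted 5 days ago

Your message is as warm as spring and made me feel endless support and encouragement.

7wu1wm0 posted the day before yesterday at 09:30

We have had similar experiences; I can deeply relate to how you feel.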