编程基本 | PHP代码审记(下)
<p style="font-size: 16px; color: black; line-height: 40px; text-align: left; margin-bottom: 15px;">声明:文中所<span style="color: black;">触及</span>的技术、思路和<span style="color: black;">工具</span>仅供以安全为目的的学习交流<span style="color: black;">运用</span>,任何人不得将其用于<span style="color: black;">违法</span>用途以及盈利等目的,否则后果<span style="color: black;">自动</span>承担!</p>
<p style="font-size: 16px; color: black; line-height: 40px; text-align: left; margin-bottom: 15px;">本专题<span style="color: black;">文案</span>导航</p>
<p style="font-size: 16px; color: black; line-height: 40px; text-align: left; margin-bottom: 15px;"><a style="color: black;">1.编程<span style="color: black;">基本</span> | PHP代码审计(上):</a></p>
<p style="font-size: 16px; color: black; line-height: 40px; text-align: left; margin-bottom: 15px;">红日 新书上线了</p>
<p style="font-size: 16px; color: black; line-height: 40px; text-align: left; margin-bottom: 15px;">红日安全推出的适合新手入门系列教程专刊上线啦!</p>
<p style="font-size: 16px; color: black; line-height: 40px; text-align: left; margin-bottom: 15px;">红日安全专注新手入门教程。转眼间红日安全又成长了一岁,在这一年里,团队成长了<span style="color: black;">非常多</span><span style="color: black;">非常多</span>。<span style="color: black;">日前</span>团队所有的<span style="color: black;">文案</span>对外都是公开的,<span style="color: black;">期盼</span><span style="color: black;">能够</span>给新手一个填补空白的<span style="color: black;">地区</span>。2020年,团队<span style="color: black;">起始</span>新的方向,和<span style="color: black;">有些</span>安全培训厂商进行合作,<span style="color: black;">期盼</span>做出<span style="color: black;">更加多</span>安全作品。感谢团队每一位成员为团队的辛勤付出,<span style="color: black;">期盼</span>每一个人在团队里面有更大的<span style="color: black;">做为</span>。<span style="color: black;">亦</span>感谢<span style="color: black;">始终</span>在后面默默支持<span style="color: black;">咱们</span>的红粉,<span style="color: black;">亦</span>祝愿你们在新的一年学到<span style="color: black;">更加多</span>的干货!</p>
<p style="font-size: 16px; color: black; line-height: 40px; text-align: left; margin-bottom: 15px;">1.1.5 PHP安全缺陷</p>
<p style="font-size: 16px; color: black; line-height: 40px; text-align: left; margin-bottom: 15px;">1.1.5.1 PHP <span style="color: black;">平常</span>安全配置</p>
<p style="font-size: 16px; color: black; line-height: 40px; text-align: left; margin-bottom: 15px;">1.1.5.1.1 php的安全模式</p>
<p style="font-size: 16px; color: black; line-height: 40px; text-align: left; margin-bottom: 15px;">php的安全模式是个非常<span style="color: black;">要紧</span>的内嵌的安全机制,能够<span style="color: black;">掌控</span><span style="color: black;">有些</span>php中的函数,</p>
<p style="font-size: 16px; color: black; line-height: 40px; text-align: left; margin-bottom: 15px;"><span style="color: black;">例如</span>system(),</p>
<p style="font-size: 16px; color: black; line-height: 40px; text-align: left; margin-bottom: 15px;"><span style="color: black;">同期</span>把<span style="color: black;">非常多</span>文件操作函数进行了权限<span style="color: black;">掌控</span>,<span style="color: black;">亦</span>不<span style="color: black;">准许</span>对某些关键文件的文件,</p>
<p style="font-size: 16px; color: black; line-height: 40px; text-align: left; margin-bottom: 15px;"><span style="color: black;">例如</span>/etc/passwd,</p>
<p style="font-size: 16px; color: black; line-height: 40px; text-align: left; margin-bottom: 15px;"><span style="color: black;">然则</span>默认的php.ini是<span style="color: black;">无</span>打开安全模式的,<span style="color: black;">咱们</span>把它打开:</p>
<p style="font-size: 16px; color: black; line-height: 40px; text-align: left; margin-bottom: 15px;">safe_mode = on</p>
<p style="font-size: 16px; color: black; line-height: 40px; text-align: left; margin-bottom: 15px;">1.1.5.1.2 php脚本能<span style="color: black;">拜访</span>的目录</p>
<p style="font-size: 16px; color: black; line-height: 40px; text-align: left; margin-bottom: 15px;"><span style="color: black;">运用</span>open_basedir选项能够<span style="color: black;">掌控</span>PHP脚本只能<span style="color: black;">拜访</span>指定的目录,<span style="color: black;">这般</span>能够避免</p>
<p style="font-size: 16px; color: black; line-height: 40px; text-align: left; margin-bottom: 15px;">PHP脚本<span style="color: black;">拜访</span></p>
<p style="font-size: 16px; color: black; line-height: 40px; text-align: left; margin-bottom: 15px;"><span style="color: black;">不该</span>该<span style="color: black;">拜访</span>的文件,<span style="color: black;">必定</span>程度上限制了phpshell的<span style="color: black;">害处</span>,<span style="color: black;">咱们</span>一般<span style="color: black;">能够</span>设</p>
<p style="font-size: 16px; color: black; line-height: 40px; text-align: left; margin-bottom: 15px;">置为只能<span style="color: black;">拜访</span>网站目录:</p>
<p style="font-size: 16px; color: black; line-height: 40px; text-align: left; margin-bottom: 15px;">open_basedir = D:/usr/www</p>
<p style="font-size: 16px; color: black; line-height: 40px; text-align: left; margin-bottom: 15px;">1.1.5.2 关闭危险函数</p>
<p style="font-size: 16px; color: black; line-height: 40px; text-align: left; margin-bottom: 15px;"><span style="color: black;">倘若</span>打开了安全模式,<span style="color: black;">那样</span>函数禁止是<span style="color: black;">能够</span>不<span style="color: black;">必须</span>的,<span style="color: black;">然则</span><span style="color: black;">咱们</span>为了安全还是考</p>
<p style="font-size: 16px; color: black; line-height: 40px; text-align: left; margin-bottom: 15px;">虑进去。<span style="color: black;">例如</span>,</p>
<p style="font-size: 16px; color: black; line-height: 40px; text-align: left; margin-bottom: 15px;"><span style="color: black;">咱们</span>觉得不<span style="color: black;">期盼</span>执行<span style="color: black;">包含</span>system()等在那的能够执行命令的php函数,或</p>
<p style="font-size: 16px; color: black; line-height: 40px; text-align: left; margin-bottom: 15px;">者能够查看php信息的</p>
<p style="font-size: 16px; color: black; line-height: 40px; text-align: left; margin-bottom: 15px;">phpinfo()等函数,<span style="color: black;">那样</span><span style="color: black;">咱们</span>就<span style="color: black;">能够</span>禁止它们:</p>
<p style="font-size: 16px; color: black; line-height: 40px; text-align: left; margin-bottom: 15px;">disable_functions =</p>
<p style="font-size: 16px; color: black; line-height: 40px; text-align: left; margin-bottom: 15px;">system,passthru,exec,shell_exec,popen,phpinfo,escapeshellarg,escapesh</p>
<p style="font-size: 16px; color: black; line-height: 40px; text-align: left; margin-bottom: 15px;">ellcmd,proc_close,proc_open,dl,show_source,get_cfg_var</p>
<p style="font-size: 16px; color: black; line-height: 40px; text-align: left; margin-bottom: 15px;"><span style="color: black;">倘若</span>你要禁止任何文件和目录的操作,<span style="color: black;">那样</span><span style="color: black;">能够</span>关闭<span style="color: black;">非常多</span>文件操作</p>
<p style="font-size: 16px; color: black; line-height: 40px; text-align: left; margin-bottom: 15px;">disable_functions =</p>
<p style="font-size: 16px; color: black; line-height: 40px; text-align: left; margin-bottom: 15px;">chdir,chroot,dir,getcwd,opendir,readdir,scandir,fopen,unlink,delete,c</p>
<p style="font-size: 16px; color: black; line-height: 40px; text-align: left; margin-bottom: 15px;">opy,mkdir,</p>
<p style="font-size: 16px; color: black; line-height: 40px; text-align: left; margin-bottom: 15px;">rmdir,rename,file,file_get_contents,fputs,fwrite,chgrp,chmod,chown</p>
<p style="font-size: 16px; color: black; line-height: 40px; text-align: left; margin-bottom: 15px;">以上只是列了部分不叫常用的文件处理函数,你<span style="color: black;">亦</span><span style="color: black;">能够</span>把上面执行命令函数</p>
<p style="font-size: 16px; color: black; line-height: 40px; text-align: left; margin-bottom: 15px;">和这个函数结合,</p>
<p style="font-size: 16px; color: black; line-height: 40px; text-align: left; margin-bottom: 15px;">就能够**大部分的phpshell了。</p>
<p style="font-size: 16px; color: black; line-height: 40px; text-align: left; margin-bottom: 15px;">1.1.5.3 关闭注册全局变量</p>
<p style="font-size: 16px; color: black; line-height: 40px; text-align: left; margin-bottom: 15px;">在PHP中提交的变量,<span style="color: black;">包含</span><span style="color: black;">运用</span>POST或者GET提交的变量,都将自动注册为</p>
<p style="font-size: 16px; color: black; line-height: 40px; text-align: left; margin-bottom: 15px;">全局变量,能够直接<span style="color: black;">拜访</span></p>
<p style="font-size: 16px; color: black; line-height: 40px; text-align: left; margin-bottom: 15px;">这是对服务器非常不安全的,<span style="color: black;">因此</span><span style="color: black;">咱们</span><span style="color: black;">不可</span>让它注册为全局变量,就把注册</p>
<p style="font-size: 16px; color: black; line-height: 40px; text-align: left; margin-bottom: 15px;">全局变量选项关闭:</p>
<p style="font-size: 16px; color: black; line-height: 40px; text-align: left; margin-bottom: 15px;">register_globals = Off</p>
<p style="font-size: 16px; color: black; line-height: 40px; text-align: left; margin-bottom: 15px;">当然,<span style="color: black;">倘若</span><span style="color: black;">这般</span>设置了,<span style="color: black;">那样</span>获取对应变量的时候就要采用<span style="color: black;">恰当</span>方式,<span style="color: black;">例如</span></p>
<p style="font-size: 16px; color: black; line-height: 40px; text-align: left; margin-bottom: 15px;">获取GET提交的变量var,</p>
<p style="font-size: 16px; color: black; line-height: 40px; text-align: left; margin-bottom: 15px;"><span style="color: black;">那样</span>就要用$_GET来进行获取,这个php程序员要<span style="color: black;">重视</span>。</p>
期待楼主的下一次分享!” “BS”(鄙视的缩写) seo常来的论坛,希望我的网站快点收录。 论坛是一个舞台,让我们在这里尽情的释放自己。 我们有着相似的经历,你的感受我深有体会。
页:
[1]