Vulnerability principle
A PHP code execution vulnerability lets an attacker inject code into an application so that the web server ultimately executes it. The attacker passes malicious code to the back end in a parameter, and a function that parses that parameter as code then executes it.
The main flaw is present in the eval(), assert(), preg_replace(), call_user_func(), array_map() functions and dynamic.
Causes
Parameters are not filtered properly, so arbitrary input is interpreted and executed as script code by a back-end function.
Vulnerability hazards
- Arbitrary code execution
- Writing a WebShell to the site
- Even taking control of the entire site server
Defense
- For eval(), which parses and executes code, make sure users cannot easily reach its parameters, and strictly filter and validate any parameters passed to it.
- String parameters can be wrapped in single quotes, with addslashes() applied before they are inserted.
- For preg_replace(), abandon the e modifier. If the e modifier must be used, ensure that in the second parameter the objects matched by the regular expression are wrapped in single quotes.
- escapeshellcmd(): filters special characters out of the command string.
- escapeshellarg(): wraps the parameter in double quotation marks.
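The defenses above, sketched as an added example that is not code from the original page: an allowlist in place of eval(), preg_replace_callback() in place of the e modifier, and escapeshellarg() around a command argument. The function names, the allowlist contents, the [b] tag pattern and the ping command are assumptions made for illustration.

```php
<?php
// Added example (not the page's code); function names and the allowlist are hypothetical.

// 1. Instead of eval() on a request parameter: the value only selects an
//    entry from a fixed allowlist of callables, it never defines code.
function run_action(string $name, string $arg): string
{
    $actions = [
        'upper'  => fn(string $s): string => strtoupper($s),
        'length' => fn(string $s): string => (string) strlen($s),
    ];
    if (!array_key_exists($name, $actions)) {
        throw new InvalidArgumentException('unknown action');
    }
    return $actions[$name]($arg);
}

// 2. Instead of preg_replace() with the e modifier: the match is handed to
//    a fixed callback as data and is never parsed as PHP.
function bold_to_upper(string $subject): string
{
    return (string) preg_replace_callback(
        '/\[b\](.*?)\[\/b\]/s',
        fn(array $m): string => strtoupper($m[1]),
        $subject
    );
}

// 3. When a shell command is unavoidable: fixed command, validated input,
//    and escapeshellarg() so the value stays a single literal argument.
function build_ping_command(string $host): string
{
    if (filter_var($host, FILTER_VALIDATE_IP) === false) {
        throw new InvalidArgumentException('not an IP address');
    }
    return 'ping -c 1 ' . escapeshellarg($host);
}

// Constructed sample inputs.
echo run_action('upper', 'phpinfo();'), PHP_EOL;
echo bold_to_upper('[b]phpinfo();[/b]'), PHP_EOL;
echo build_ping_command('192.168.203.128'), PHP_EOL;
try {
    run_action('eval', 'echo 123;');
} catch (InvalidArgumentException $e) {
    echo 'rejected: ', $e->getMessage(), PHP_EOL;
}
```

In each case the request value is treated as data: it is upper-cased, measured or quoted, and an action name outside the allowlist is rejected instead of being executed.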
eval
eval() is a PHP function that executes code.
Assume we access 192.168.203.128/test/testcmd.php?x=echo 123;
Assume we access 192.168.203.128/test/testcmd.php?x=phpinfo();
The file-write code below is transmitted through x and run
// Simple file-write code
$file=$_GET['f'];
$data=$_GET['d'];
$fileio=fopen($file,'w+');
fwrite($fileio,$data);
fclose($fileio);
The content is written successfully.
A code execution vulnerability can be used to escalate privileges.