Shulou(Shulou.com)06/01 Report--

The causes of vulnerabilities are complex, including programmer coding problems, system problems, and possibly configuration environment problems. Here is a brief summary of php common loopholes, so that we have a simple understanding of website vulnerabilities.

If you want to get started quickly, it is recommended that you watch my well-designed course on vulnerability discovery on PHP sites:

PHP vulnerability Mining (2): analysis of Common vulnerabilities in PHP

0x01 sql injection vulnerability

Sql injection vulnerability, as long as it is a programming basic heard of, even if you do not know much about network security, this vulnerability is also widely known, because of its harmfulness and the depth of the impact.

Sql injection can be divided into digital injection and character injection according to the elements received.

According to the syntax of injection, it can be divided into joint injection, Boolean injection, delayed injection, error injection, and so on. There are also many high-level games, mainly depending on the ability of programming.

0x02 xss vulnerability

At first, many webmasters did not pay much attention to the xss vulnerability, but later, with the development of xss technology, it gradually became more and more harmful, and now it is a serious vulnerability.

According to its harm mode, xss can be divided into reflective XSS, Dom XSS and storage XSS, among which storage XSS is the most harmful, which can easily cause worms and affect the normal program of the website.

0x03 CSRF vulnerability

Csrf, also known as cross-site request forgery vulnerabilities, is caused by lax restrictions on permission operations. Users usually use induced operations to achieve vulnerability damage. Of course, csrf can be operated with xss, which is very ingenious and more harmful.

0x04 upload vulnerability

Upload module has always been a place where vulnerabilities occur frequently. Expensive filtering is not strict, allowing * * users to upload shell, resulting in the collapse of websites. Different websites need to make some security restrictions according to their own server environment and configuration.

0x05 command line execution

Command line execution vulnerability is a very harmful loophole caused by loose coding by programmers. In scripting languages, there are many dangerous functions. When receiving parameters, you must pay attention to filtering and whitelist verification. If you are not careful, it will be exploited and the website will be hacked.

Write at the end

This chapter, a brief introduction to so many, php loopholes can be more than these, the following courses, we will also in-depth study.

Finally, I recommend you to learn.

PHP vulnerability Mining (2): analysis of Common vulnerabilities in PHP

Quickly understand the common loopholes in php, lay the foundation for the following high-level technology!

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.