Community Learn Tools Library Leisure
search
English
Home > Backend Development > PHP Tutorial > body text

Solution to prevent PHP from forging local files in Linux_PHP Tutorial

WBOY
Release: 2016-07-13 17:10:21
Original
1165 people have browsed it

We only talk about the Linux system as an example, but the prevention method is effective in any system. Let’s take a look at the following operations.


You can use it like this

/etc/security/environ /etc/security/limits
The code is as follows
 代码如下 复制代码

http://www.xxx.com/index.php?page=../etc/passwd
http://www.xxx.com/index.php?page=../../../etc/passwd
http://www.xxx.com/index.php?page=..../../etc/passwd

获取更多数据:
etc/profile
etc/services
/etc/passwd
/etc/shadow
/etc/group
/etc/security/group
/etc/security/passwd
/etc/security/user
/etc/security/environ
/etc/security/limits
/usr/lib/security/mkuser.default
Copy code
http://www.xxx.com/index.php?page=../etc/passwd

http://www.xxx.com/index.php?page=../../../etc/passwd

http://www.xxx.com/index.php?page=..../../etc/passwd
 代码如下 复制代码

?page=intval($_GET);

Get more data:

etc/profile

etc/services

/etc/passwd

/etc/shadow

/etc/group
 代码如下 复制代码

$body = htmlspecialchars(isset($_GET[$str])?$_GET[$str]:'');
/etc/security/group

/etc/security/passwd

/etc/security/user
/usr/lib/security/mkuser.default

Like the above code, if you are ?page=$_GET This is it. Analyze the reason, because we only have numbers for paging, so we do it like this
The code is as follows Copy code
?page=intval($_GET); In this way, the characters cannot be submitted. We use the intval function to filter, so how to deal with the submitted characters.
When processing characters, we use PHP’s built-in functions addslashes and htmlspecialchars to filter, as
The code is as follows Copy code
$body = htmlspecialchars(isset($_GET[$str])?$_GET[$str]:''); This basically filters out various security injections. Of course, if your server has vulnerabilities, it cannot be solved in PHP. http://www.bkjia.com/PHPjc/629691.htmlwww.bkjia.comtruehttp: //www.bkjia.com/PHPjc/629691.htmlTechArticleWe only talk about Linux systems as examples, but the prevention methods are effective in any system. Let’s look at them first. To see the operation, you can use the code as follows Copy the code http://www.xx...
Related labels:
linux php forgery but exist us document method local of system solve prevent
source:php.cn
Previous article:Several random password generation methods_PHP tutorial Next article:Solution to apache httpd.exe occupying high CPU and memory and sending large traffic packets to the external network_PHP tutorial
Statement of this Website
The content of this article is voluntarily contributed by netizens, and the copyright belongs to the original author. This site does not assume corresponding legal responsibility. If you find any content suspected of plagiarism or infringement, please contact admin@php.cn
Latest Articles by Author
Latest Issues
Linux Bash: Easily delete HTML table data blocks I have an html file that is processed using a bash script and want to remove empty tables....
From 2024-04-02 09:13:43
0
1
332
Related Topics
More>
Popular Recommendations
Popular Tutorials
More>
Related Tutorials
Popular Recommendations
Latest courses
Latest Downloads
More>
Web Effects
Website Source Code
Website Materials
Front End Template