Home >Backend Development >PHP Tutorial >Solution to prevent PHP from forging local files in Linux_PHP Tutorial

Solution to prevent PHP from forging local files in Linux_PHP Tutorial

WBOYOriginal: 2016-07-13 17:10:211195browse

We only talk about the Linux system as an example, but the prevention method is effective in any system. Let’s take a look at the following operations.

You can use it like this

/etc/security/environ /etc/security/limits

The code is as follows

代码如下

复制代码

http://www.xxx.com/index.php?page=../etc/passwd
http://www.xxx.com/index.php?page=../../../etc/passwd
http://www.xxx.com/index.php?page=..../../etc/passwd

获取更多数据:
etc/profile
etc/services
/etc/passwd
/etc/shadow
/etc/group
/etc/security/group
/etc/security/passwd
/etc/security/user
/etc/security/environ
/etc/security/limits
/usr/lib/security/mkuser.default

Copy code

http://www.xxx.com/index.php?page=../etc/passwd

http://www.xxx.com/index.php?page=../../../etc/passwd

http://www.xxx.com/index.php?page=..../../etc/passwd

代码如下	复制代码
?page=intval($_GET);

Get more data:

etc/profile

etc/services

/etc/passwd

/etc/shadow

/etc/group

代码如下	复制代码
$body = htmlspecialchars(isset($_GET[$str])?$_GET[$str]:'');

/etc/security/group

/etc/security/passwd

/etc/security/user

/usr/lib/security/mkuser.default

Statement：

The content of this article is voluntarily contributed by netizens, and the copyright belongs to the original author. This site does not assume corresponding legal responsibility. If you find any content suspected of plagiarism or infringement, please contact admin@php.cn

Previous article：Several random password generation methods_PHP tutorialNext article：Several random password generation methods_PHP tutorial

See more

Solution to prevent PHP from forging local files in Linux_PHP Tutorial

Related articles