欢迎您访问程序员文章站本站旨在为大家提供分享程序员计算机编程知识!
您现在的位置是: 首页  >  后端开发

php中allow_url_include的应用分析

程序员文章站 2022-04-07 11:15:34
...

  3. // Insecure Include

  4. // The following Include statement will
  5. // include and execute everything POSTed
  6. // to the server

  7. include "php://input";

  8. ?>
复制代码

例2: Use data: to Include arbitrary code

  3. // Insecure Include

  4. // The following Include statement will
  5. // include and execute the base64 encoded
  6. // payload. Here this is just phpinfo()

  7. include "data:;base64,PD9waHAgcGhwaW5mbygpOz8+";

  8. ?>
复制代码

把这些放到运算里将会发现既不是url_allow_fopen也不是url_allor_include 被保障。 只是因为过滤器很少对矢量进行过滤。如果要完全解决这个URL include vulnerabilities的方法则需要应用Suhosin扩展。

相关标签: php中allow_url_include的应用分析

上一篇: PHP filter_var() 函数

下一篇: PHP如何反向输出字符串?使用递归调用输出

推荐阅读