Common problems of scripting languages
- Weakly typed language
$a = 1;
$b = array();
$c = "test";
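<?php
// Loose comparison (==) converts the operand types before comparing
$a = null; $b = false;
if($a == $b){
echo "a和b相等!"; // "a and b are equal!": this branch runs, null == false is true
}else{
echo "a和b不相等!"; // "a and b are not equal!"
}
$a = ''; $b = 0;
if($a == $b){
echo "a和b相等!"; // this branch runs on PHP 7 and earlier; PHP 8 treats '' == 0 as false
}else{
echo "a和b不相等!";
}
?>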
- require() includes a file, which allows file injection
<form>Choose theme:
<select name = theme>
<option value = blue>Blue</option>
<option value = green>Green</option>
<option value = red>Red</option>
</select>
<input type = submit>
</form>
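<?php
// The form submits via GET; the value is used without validation (the flaw shown here)
$theme = isset($_GET['theme']) ? $_GET['theme'] : '';
if($theme) {
require($theme.'.txt');
}
?>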
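- SQL injection: caused by assembling the query through string concatenation; defend with addslashes/stripslashes
// Intended query
$sql = "select * from phpben where user_name='admin' and pwd ='123'";
// Resulting queries when the submitted user_name contains quote characters
$sql = "select * from phpben where user_name=' 'or'='or'' and pwd ='' ";
$sql = "select * from phpben where user_name=' 'or 1='1' and pwd ='' ";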
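The concatenated query above next to a parameterized version, run against an in-memory SQLite table. This is an added example, not code from the original notes; it assumes the pdo_sqlite extension, and the table layout, sample row, function names and test inputs are constructed for the demo.

```php
<?php
// Added example. Assumes pdo_sqlite; table layout and sample row are constructed.
// The plaintext pwd column mirrors the page's query; real systems store password_hash() output.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec("create table phpben (user_name text, pwd text)");
$db->exec("insert into phpben values ('admin', '123')");

// Vulnerable: the query text is assembled by string concatenation, as in the notes.
function login_concat(PDO $db, string $user, string $pwd): bool
{
    $sql = "select * from phpben where user_name='$user' and pwd='$pwd'";
    return $db->query($sql)->fetch() !== false;
}

// Hardened: placeholders keep the SQL text fixed; input is bound as data only.
function login_prepared(PDO $db, string $user, string $pwd): bool
{
    $stmt = $db->prepare("select * from phpben where user_name = :u and pwd = :p");
    $stmt->execute([':u' => $user, ':p' => $pwd]);
    return $stmt->fetch() !== false;
}

// Constructed inputs: a valid login, a wrong password, and a value containing quotes
$cases = [
    ['admin', '123'],
    ['admin', 'wrong'],
    ['admin', "' or '1'='1"],
];
foreach ($cases as [$user, $pwd]) {
    printf("%-16s concat=%-5s prepared=%s\n",
        json_encode($pwd),
        var_export(login_concat($db, $user, $pwd), true),
        var_export(login_prepared($db, $user, $pwd), true));
}
```

The two functions agree on the first two inputs and differ only on the third, where the quote characters change the structure of the concatenated query but remain plain data in the prepared statement.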
- XSS attack
<body>
<?php
$searchQuery = $_GET['q'];
/* some search magic here */
?>
<h1>You searched for: <?php echo $searchQuery; ?></h1>
<p>We found: Absolutely nothing because this is a demo</p>
</body>
Simply request search.php?q=%3Cscript%3Ealert(1)%3B%3C%2Fscript%3E directly