How "tamper proof" is the $_SERVER variable in php?


Question

Would I be taking a big security risk by trusting the content of the $_SERVER variable array to get the name of the PHP file using $_SERVER['PHP_SELF']?

Accepted answer

Many but not all of the $_SERVER variables are attacker controlled. For instance $_SERVER['SCRIPT_NAME'] is safe, whereas $_SERVER['PHP_SELF'] is a very dangerous variable and is often the source of XSS:

<?php
// Intentionally vulnerable: PHP_SELF carries any PATH_INFO the client appended
// to the request path, so this reflects attacker-controlled data unescaped.
echo $_SERVER['PHP_SELF'];
?>

PoC:

http://localhost/self.php/<script>alert(/xss/)</script>
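An added example, not part of the original answer, that makes the difference concrete. The $server array is constructed to mimic what Apache/mod_php populates for the PoC request above; the function names are assumptions for illustration. It shows the raw reflection, the same output escaped for the HTML attribute context, and two ways to get the script name without trusting PHP_SELF at all (SCRIPT_NAME, or basename(__FILE__), which does not read $_SERVER).

```php
<?php
declare(strict_types=1);

// Constructed request data for: GET /self.php/<script>alert(/xss/)</script>
// (what Apache/mod_php would populate; values are an assumption for this demo).
$server = [
    'SCRIPT_NAME' => '/self.php',
    'PATH_INFO'   => '/<script>alert(/xss/)</script>',
    'PHP_SELF'    => '/self.php/<script>alert(/xss/)</script>',
    'REQUEST_URI' => '/self.php/%3Cscript%3Ealert(/xss/)%3C/script%3E',
];

// Vulnerable: the attacker-controlled PATH_INFO suffix is reflected raw
// into an attribute, closing it and injecting markup.
function vulnerable_form_action(array $server): string
{
    return '<form action="' . $server['PHP_SELF'] . '" method="post">';
}

// Hardened option 1: keep PHP_SELF but escape for the HTML attribute context.
// ENT_QUOTES covers both quote styles; ENT_SUBSTITUTE avoids empty output on
// malformed UTF-8, which would otherwise silently drop the attribute value.
function escaped_form_action(array $server): string
{
    $self = htmlspecialchars($server['PHP_SELF'], ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    return '<form action="' . $self . '" method="post">';
}

// Hardened option 2: use SCRIPT_NAME, which does not carry PATH_INFO,
// and still escape on output as a matter of habit (defence in depth).
function script_form_action(array $server): string
{
    $self = htmlspecialchars($server['SCRIPT_NAME'], ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    return '<form action="' . $self . '" method="post">';
}

// Hardened option 3: if all you need is the file name of the running script
// (the question's actual goal), __FILE__ comes from the interpreter, not
// from the request, so nothing the client sends can influence it.
function current_script_basename(): string
{
    return basename(__FILE__);
}

echo "PHP_SELF     : {$server['PHP_SELF']}\n";
echo "SCRIPT_NAME  : {$server['SCRIPT_NAME']}\n\n";
echo "vulnerable   : " . vulnerable_form_action($server) . "\n";
echo "escaped      : " . escaped_form_action($server) . "\n";
echo "script_name  : " . script_form_action($server) . "\n";
echo "__FILE__     : " . current_script_basename() . "\n";
```

Run it from the command line (php example.php) to see the three forms side by side; only the first one produces a closing quote followed by a live script tag. The escaped form prints the payload as &lt;script&gt;…&lt;/script&gt;, which the browser renders as text.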
