如何识别php应用程序安全漏洞 [英] How to identify php application security holes

问题描述

我和同事打赌了。看看我做得好。


投注：

由于PHP存在问题，请尝试妥协或以其他方式干扰应用程序的正常功能。


不包括网络和服务器的问题/漏洞。 （即DoS攻击不计算在内）


该应用程序运行一些CLI命令，上传文件，在MySQL中存储数据并具有用户/访问登录。


大多数人都知道我使用PHP的专业水平，所以跳过mysql_escape_string（）会谈。 :)


1.清理页面上的每个输入和请求

2.在服务器上加密会话和存储会话/不在cookie中

3.阻止所有坏IP。 （如果我看到输入错误，请不要处理来自该IP的任何请求）

4. ????

5.赢100块钱！


他将有1个星期的时间来完成它。




Dan

解决方案

哇！没有Takers？


PHP是安全的吗？


嗯......也许是。而且我确实说过不要给出一些微不足道的回答，比如


"避免这样做：

展开 | 选择 | 换行 | 行号

嗯，它通常是安全的;但是我没有多少建议你，因为我不知道你的申请将会做什么

傻n00b，帮助我们来帮助你！


马克（正在开玩笑;）。

好吧，先生，请求我！


我以为你会想象我的代码会是什么样子。


如果我写了一个应用程序执行系统命令和存储的东西（用户登录，密码和一些数据，如年龄，性别）。


假装我粘贴了代码。这一切都在一条线上（开玩笑）


除了消毒变量之外你还能找到什么？


我也可以用另一种方式。你会如何破解PHP网站？


1. SQL注入.........检查

2.因输入错误导致致命错误........ .check（set_error_handler（））

3.扫描网站的所有文件并检查遗留的文件，其他未开发的未链接页面，PHP不会处理的.inc配置文件。

4. ????

5.利润！



Dan（可以分享

I made a bet with a coworker. See if I did good.

Bet:
Try to compromise or otherwise disturb the normal function of an app because of a problem with PHP.

Problems/holes with network and the server are excluded. (ie DoS attack does not count)

The app runs some CLI commands, uploads a file, stores data in MySQL and has an user/access login.

Most of your know my level of expertise with PHP, so skip the mysql_escape_string() talks. :)


1. Sanitize every input and request from the page
2. Encrypt session and store session on server/not in a cookie
3. Block all bad-IPs. (if I see bad input, do not process any request from that IP)
4. ????
5. Win 100 Bucks!

He''ll have 1 week to do it.





Dan

解决方案

WOW! No Takers?

PHP is that secure?

Well...maybe it is. And I did say to not give trivial responses like

"Avoid doing this:

Expand|Select|Wrap|Line Numbers

Well, it generally is secure; but there''s not much I can advise you on, because I''ve no idea what your application will be doing.

Silly n00b, help us to help you!

Mark (is joking ;).

Well, Mr excuuuuuuse me!

I thought you''d have an imagination of what my code could look like.

If I wrote an application that that executed system commands and stored stuff (user login, password, and some data like age, gender).

Pretend I pasted the code. It''s all on one line (just kidding)

What would you look for besides sanitized variables?

I can also put this another way. How would you go about hacking a PHP site?

1. SQL Injection.........check
2. Causing fatal errors by bad input.........check (set_error_handler())
3. Scan all files of the site and check for left over files, other unlinked pages that maybe undeveloped, .inc config files that PHP won''t process.
4. ????
5. Profit!



Dan (could share the

这篇关于如何识别php应用程序安全漏洞的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！