PHP sprintf 认为有害吗? [英] PHP sprintf considered harmful?

问题描述

几年前，我在 C 中艰难地了解了格式化字符串攻击.现在，我最近看到了一些这样的 PHP 代码:

A few years ago, I learned about Format String Attacks in C the hard way. Now, I recently saw some PHP code like this:

<?php
echo sprintf($_GET['format'], $_GET['value1'], $_GET['value2']);

我尝试将 $_GET['format'] 设置为像 %s%s%s... 这样的字符串来运行它，但 PHP 只存在于PHP 警告:sprintf():file.php 第 2 行的参数太少.不是仍然可以进行格式字符串攻击吗?

I tried run this like this with $_GET['format'] set to strings like %s%s%s..., but PHP just exists with PHP Warning: sprintf(): Too few arguments in file.php on line 2. Isn't it still possible to do a format string attack?

推荐答案

不是传统意义上的 PHP 的 sprintf 不支持任何真正危险的转换，如 %n.用户控制的格式字符串仍然会造成一些有限的破坏(考虑 %99999999s)，但我认为最坏的情况是消耗内存和时间.

Not in any traditional sense, as PHP's sprintf doesn't support any of the really dangerous conversions like %n. A user-controlled format string can still cause some limited havoc (consider %99999999s), but about the worst I think it could do would be to consume memory and time.

这篇关于PHP sprintf 认为有害吗?的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！