========June/30=========
Chapter 1
1.reigister_globals= off in php.ini and set default value in variables
when definition.
2.safe_mode(directive option)= On in php.ini, PHP only limit PHP file,
not against external application execute by PHP, so it needs store these
applictions into security folder.
3.safe_mode_gid=On used to set user group check not single user ID
also use safe_mode_include_dir="/path1:/path2:/path3" to set specific
folders(limit file read)
4.safe_mode_allowed_env_vars=[string] used to enable the environment
variables change and read
safe_mode_protected_evn_vars=[string] used to disable the environment
variables change and read
5.safe_mode_exec_dir=[string]
6.disable_function=[string]
7.Magic Quotes Function:magic_quotes_gpc
8.phpinfo();
9.ini_get_all();
10.ini_set(string varname,string newvalue),except register_globals,
expose_php and allow_url_fopen
Chapter 2
1.string system(string command[,int & return_var])
system("dir c",$retval)
2.string exec(string command[,array& output[,int & retun_val]])
3.void passthru(string command[,int& return)
4.shell_exec(string cmd)
5."``"
$output=`dir c`
6. Command injection through URL
7. eval injection