这个问题我自己回答吧。
参考资料1:
PHP Security Guide 的地址:
http://phpsec.org/projects/guide/1.html
一本有关PHP安全的书。
这种说法:
Perhaps the most controversial change in PHP is when the default value for the PHP directive register_globals went from ON to OFF in PHP » 4.2.0. Reliance on this directive was quite common and many people didn't even know it existed and assumed it's just how PHP works. This page will explain how one can write insecure code with this directive but keep in mind that the directive itself isn't insecure but rather it's the misuse of it.
也就是说,PHP4.1及之前的版本默认安装的PHP,
如果没定义变量的话,他就会给你相当于使用 _GET[“variable”] 这个方式来获取变量的值。
一个例子说明:
《?php
global $user ;
if $user == "admin"{
admin();
}
else{
user();
}
?》
也就是说你访问这个页面只要 test.php&user=admin 就会直接有管理的权限。
要是避免这个漏洞的话的话需要修改php的配置文件register_globals改为OFF。
PHP4.2及以后的版本就不会。
可以grep -r register_globals /etc/php*
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
