审计总结:PHP源码审计敏感函数字典

对涉及PHP安全方面的函数进行了归类,参照了很多文章和博客,在此表示感谢。
 
1.include/require/require_once/include_once/file_get_contents
2.exec/system/popen/passthru/proc_open/pcntl_exec/shell_exec
3.eval/preg_replace/assert/call_user_func/call_user_func_array/create_function
4._GET/_POST/_COOKIE/_SERVER/_REQUEST/_ENV/php://input/getenv/
5.session/cookie
6.extract/parse_str/mb_parse_str/import_request_variables/unserialize
7.copy/rmdir/chmod/delete/fwrite/fopen/readfile/fpassthru/move_uploaded_file/
file_put_contents/unlink/upload/opendir/fgetc/fgets/ftruncate/fputs/fputcs
8.select/insert/update/delete/order by/group by/limit/in(/stripslashes/urldecode
9.confirm_phpdoc_compiled/mssql_pconnect/mssql_connect/crack_opendict/
snmpget/ibase_connect
10.echo/print/printf/vprintf/document.write/document.innerHTML/document.innerHtmlText
11.phpinfo/highlight_file/show_source
12.iconv/mb_convert_encoding
附带php.ini中涉及安全配置选项。
 
 
safe_mode = off ( a lot of shit cannot be done with this on )
disabled_functions = N/A ( no one,we want all )
register_globals = on ( we can set variables by request )
allow_url_include = on ( for lfi/rfi )
allow_url_fopen = on ( for lfi/rfi )
magic_quotes_gpc = off ( this will escape ‘ ” and NUL’s with a backslash and we don’t want that )
short_tag_open = on ( some scripts are using short tags,better on )
file_uploads = on ( we want to upload )
display_errors = on ( we want to see the script errors,maybe some undeclared variables? )
open_basedir 限制访问目录
display_errors = off 显示错误信息



 在 PHP 中可由用户输入的变量 

?
1
2
3
4
5
6
7
8
9
10
11
12
13
$_SERVER
$_GET
$_POST
$_COOKIE
$_REQUEST
$_FILES
$_ENV
$_HTTP_COOKIE_VARS
$_HTTP_ENV_VARS
$_HTTP_GET_VARS
$_HTTP_POST_FILES
$_HTTP_POST_VARS
$_HTTP_SERVER_VARS



可能允许命令注入的函数 

?
1
2
3
4
5
6
7
8
system
exec
passthru
``
shell_exec
popen
proc_open
pcntl_exec



可能允许文件包含的函数 

?
1
2
3
4
5
6
7
8
9
10
include
include_once
require
require_once
show_source
highlight_file
readfile
file_get_contents
fopen
file



可能允许代码注入的函数

?
1
2
3
4
5
6
eval
preg_replace+/e
assert
call_user_func
call_user_func_array
create_function


可能允许SQL注入的 SQL语句函数  
insert 
delete 
update 
select 

可能允许攻击者恶意操作文件的函数  
?
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
copy
rmdir
unlink
delete
fwrite
chmod
fgetc
fgetcsv
fgets
fgetss
file
file_get_contents
fread
readfile
ftruncate
file_put_contents
fputcsv
fputs

评论
添加红包

请填写红包祝福语或标题

红包个数最小为10个

红包金额最低5元

当前余额3.43前往充值 >
需支付:10.00
成就一亿技术人!
领取后你会自动成为博主和红包主的粉丝 规则
hope_wisdom
发出的红包
实付
使用余额支付
点击重新获取
扫码支付
钱包余额 0

抵扣说明:

1.余额是钱包充值的虚拟货币,按照1:1的比例进行支付金额的抵扣。
2.余额无法直接购买下载,可以购买VIP、付费专栏及课程。

余额充值