易截截图软件、单文件、免安装、纯绿色、仅160KB

PHP 中巧用数组降低程序的时间复杂度

OpenX adserver version 2.8.1 and lower is vulnerable to remote code
execution. To be exploited, this vulnerability requires banner / file
upload permissions, such as granted to the 'advertiser' and
'administrator' roles.
This vulnerability is caused by the (insecure) file upload mechanism of
affected OpenX versions. These would check magic bytes of an uploaded
file to determine its MIME type, and erroneously assume this
information to be reliable. Additionally, while the file name of
uploaded files is changed, the file extension is not.
As such, it is possible to upload image files with embedded PHP code and
.php file extension. Unless PHP script execution is explicitly prevented
for the file upload location (which has not been documented in the OpenX
manual so far and it is not the result of a default installation), the
PHP code will execute as soon as HTTP access to the file location will
cause it to be executed by the web server.
To clarify, an attacker exploiting this security issue does require
prior access to OpenX, i.e. exploitation is only possible after
successful authentication. On the other hand, advertiser access is a
rather low permission level and should not allow for system access.
If these bugs were not hidden from OpenX' bug tracker, you could read up
more about issue X-5747 here:
https://developer.openx.org/jira/browse/OX/fixforversion/10910
OpenX 2.8.2 has already been released in October to fix this issue and
can be downloaded from Roll forming machine
http://www.openx.org/ad-server/download
Moritz Naumann
Naumann IT Security Consulting
Berlin, Germany
http://www.moritz-naumann.com/


相关文档:

PHP中Session变量不能传送到下一页的解决方法

在PHP中使用过SESSION的朋友可能会碰到这么一个问题,SESSION变量不能跨页传递。这令我苦恼了好些日子,最终通过查资料思考并解决了这个问题。我认为,出现这个问题的原因有以下几点:
1、客户端禁用了cookie
2、浏览器出现问题,暂时无法存取cookie
3、php.ini中的session.use_trans_sid = 0或者编译时没有打开--enable ......

PHP解疑(转载)

PHP解疑
1. 代码重用方法include()和require()函数差异?
1) Require()函数
使用requier()包含外部php文件时,只要自身php文件被执行,外部文件的内容就将被包含进该自身php文件,当包含的外部文件发生错误时,系统将给出错误提示,并且停止php文件的执行。
示例:
调用文件config.inc的程序代码:
<?php  ec ......

PHP获取浏览器信息(三种)

转自本人个人网站 【PHP探路者
】,欢迎各位访问站点!
在使用PHP获取浏览器信息时,通常有两种方式:
第一种是:使用$_SERVER[HTTP_USER_AGENT]选项
此方式获取的是格式不规则的数据,如
Mozilla/4.0 (compatible; MSIE 8.0
; Windows NT 5.1; Trident/4.0; GTB6; CIBA; .NET CLR 2.0.50727)
Mozilla/5.0 (Windows ......

php session新手入门教程

 
Session简介
session 分成两部分,session空间存放于服务器端,打开空间的ID 存放于 客户端的cookie, 如果客户端关闭了cookie,session就不能正常的使用。
Session的中文译名叫做“会话”,其本来的含义是指有始有终的一系列动作/消息,比如打电话时从拿起电话拨号到挂断电话这中间的一系列过程可以称 ......

MySQL+PHP产生乱码的原因及解决方法

MySQL+PHP产生乱码原因:
  ◆ MySQL数据库默认的编码是utf8,如果这种编码与你的PHP网页不一致,可能就会造成MySQL乱码;
  ◆ MySQL中创建表时会让你选择一种编码,如果这种编码与你的网页编码不一致,也可能造成MySQL乱码;
  ◆ MySQL创建表时添加字段是可以选择编码的,如果这种编码与你的网页编码不一致,也可能造成 ......
© 2009 ej38.com All Rights Reserved. 关于E健网联系我们 | 站点地图 | 赣ICP备09004571号