¡¾×ª¡¿¸ß¼¶PHPÓ¦ÓóÌÐò©¶´ÉóºË¼¼Êõ

×÷ÕߣºPh4nt0m Security Team
À´Ô´£ºhttp://www.ph4nt0m.org-a.googlepages.com/PSTZine_0x03_0x06.txt
==Ph4nt0m Security Team==

Issue 0x03, Phile #0x06 of 0x07

|=---------------------------------------------------------------------------=|
|=---------------------=[ ¸ß¼¶PHPÓ¦ÓóÌÐò©¶´ÉóºË¼¼Êõ ]=---------------------=|
|=---------------------------------------------------------------------------=|
|=---------------------------------------------------------------------------=|
|=----------------------=[ By www.80vul.com ]=------------------------=|
|=------------------------=[ <www.80vul.com> ]=--------------------------=|
|=---------------------------------------------------------------------------=|
[Ŀ¼]
1. Ç°ÑÔ
2. ´«Í³µÄ´úÂëÉó¼Æ¼¼Êõ
3. PHP°æ±¾ÓëÓ¦ÓôúÂëÉó¼Æ
4. ÆäËûµÄÒòËØÓëÓ¦ÓôúÂëÉó¼Æ
5. À©Õ¹ÎÒÃǵÄ×Öµä
5.1 ±äÁ¿±¾ÉíµÄkey
5.2 ±äÁ¿¸²¸Ç
5.2.1 ±éÀú³õʼ»¯±äÁ¿
5.2.2 parse_str()±äÁ¿¸²¸Ç©¶´
5.2.3 import_request_variables()±äÁ¿¸²¸Ç©¶´
5.2.4 PHP5 Globals
5.3 magic_quotes_gpcÓë´úÂ밲ȫ
5.3.1 ʲôÊÇmagic_quotes_gpc
5.3.2 ÄÄЩµØ·½Ã»ÓÐħÊõÒýºÅµÄ±£»¤
5.3.3 ±äÁ¿µÄ±àÂëÓë½âÂë
5.3.4 ¶þ´Î¹¥»÷
5.3.5 ħÊõÒýºÅ´øÀ´µÄÐµİ²È«ÎÊÌâ
5.3.6 ±äÁ¿keyÓëħÊõÒýºÅ
5.4 ´úÂë×¢Éä
5.4.1 PHPÖпÉÄܵ¼Ö´úÂë×¢ÉäµÄº¯Êý
5.4.2 ±äÁ¿º¯ÊýÓëË«ÒýºÅ
5.5 PHP×ÔÉíº¯Êý©¶´¼°È±ÏÝ
5.5.1 PHPº¯ÊýµÄÒç³ö©¶´
5.5.2 PHPº¯ÊýµÄÆäËû©¶´
5.5.3 session_destroy()ɾ³ýÎļþ©¶´
5.5.4 Ëæ»úº¯Êý
5.6 ÌØÊâ×Ö·û
5.6.1 ½Ø¶Ï
5.6.1.1 include½Ø¶Ï
5.6.1.2 Êý¾Ý½Ø¶Ï
5.6.1.3 Îļþ²Ù×÷ÀïµÄÌØÊâ×Ö·û
6. Ôõô½øÒ»²½Ñ°ÕÒеÄ×Öµä
7. DEMO
8. ºó»°
9. ¸½Â¼
Ò»¡¢Ç°ÑÔ
PHPÊÇÒ»ÖÖ±»¹ã·ºÊ¹ÓõĽű¾ÓïÑÔ£¬ÓÈÆäÊʺÏÓÚweb¿ª·¢¡£¾ßÓпçƽ̨£¬ÈÝÒ×ѧϰ£¬¹¦ÄÜÇ¿
´óµÈÌص㣬¾Ýͳ¼ÆÈ«ÊÀ½çÓг¬¹ý34%µÄÍøÕ¾ÓÐphpµÄÓ¦Ó㬰üÀ¨Yahoo¡¢sina¡¢163¡¢sohuµÈ´óÐÍ
ÃÅ»§ÍøÕ¾¡£¶øÇҺܶà¾ßÃûµÄwebÓ¦ÓÃϵͳ£¨°üÀ¨bbs,blog,wiki,cmsµÈµÈ£©¶¼ÊÇʹÓÃphp¿ª·¢