There are five common vulnerabilities in PHP at present. They are session file vulnerability, SQL injection vulnerability, script command execution vulnerability, global variable vulnerability and file vulnerability. Here is a brief introduction to these vulnerabilities.
1, session file vulnerability
Session attack is one of the most commonly used attacks by hackers. When users visit a website, in order to prevent customers from entering their own account and password every time they enter the page, PHP sets up Session and Cookie to facilitate users' use and access.
2.SQL injection vulnerability
When developing a website, programmers lack comprehensive judgment on the user's input data or the filtering is not strict, which leads the server to execute some malicious information, such as user information query. Hackers can obtain corresponding information according to the results returned by malicious programs. This is a SQL injection leak in the belly of the moon.
3, script execution vulnerabilities
The common reason of script execution vulnerability is that programmers did not filter the URL parameters submitted by users when developing websites, and the URL submitted by users may contain malicious code, which leads to cross-site script attacks. Previous PHP websites often had script execution vulnerabilities, but with the upgrade of PHP version, these problems have been reduced or disappeared.
4. Vulnerability of global variables
Variables in PHP do not need to be declared in advance like other development languages. Variables in PHP can be used directly without declaration, and the system automatically creates them when they are used, without explaining the variable type. The system will automatically determine the variable type according to the context. This method can greatly reduce the probability of programmers' programming mistakes and is very convenient to use.
5. File vulnerabilities
File vulnerabilities are usually due to the lack of adequate filtering of externally provided data when website developers design websites, which leads to hackers using vulnerabilities to execute corresponding commands in the web process.
Second, the prevention measures of common vulnerabilities in PHP
1, to prevent session vulnerability
From the previous analysis, we can know that the most common session attack is session hijacking, that is, hackers obtain the user's session ID through various attacks, and then log in to the corresponding website using the identity of the attacked user. To this end, we can take the following measures to prevent it: First, we can change the session ID regularly, which can be realized by PHP's own functions; The second is to change the name of the session. Under normal circumstances, the default name of a session is PHPSESSID. This variable is usually stored in a cookie. If you change your name, you can block some attacks by hackers. The third is to turn off the transparent session ID. The so-called transparency means that when http requests don't use cookies to make Session id, Session id is passed through the link. Turning off the transparent session ID can be achieved by operating the PHP.ini file. The fourth is to pass hidden parameters through URL, which can ensure that even if the hacker obtains the session data, it is difficult for him to obtain the variable value of Session ID because the related parameters are hidden.
2. Prevent SQL injection vulnerabilities
There are many ways for hackers to inject SQL, and they are very flexible, but the similarity of SQL injection is to filter vulnerabilities with input. Therefore, in order to fundamentally prevent SQL injection, the fundamental solution is to strengthen the filtering of request commands, especially query request commands. Specifically, it includes the following points: First, parameterize the filtering statements, that is, input user information through parameterized statements instead of directly embedding user input into the statements. Second, when developing websites, use explanatory programs as little as possible, and hackers often use this method to execute illegal instructions; Third, try to avoid bugs in website development, otherwise hackers may use this information to attack websites; Just defending against SQL injection is not enough. In addition, we should often use professional vulnerability scanning tools to scan the website for vulnerabilities.
3. Prevent script execution vulnerabilities
Hackers use script execution vulnerabilities to attack in various and flexible ways. Therefore, it is necessary to adopt a comprehensive means of various preventive measures to effectively prevent hackers from attacking script execution loopholes. There are four methods commonly used here. One is to preset the path of the executable file.
4, global variable vulnerability prevention.
For the vulnerability of PHP global variables, the previous PHP version also had such problems, but after the PHP version was upgraded to 5.5, it can be realized by setting php.ini and setting ruquest_order as GPC. In addition, in the php.ini configuration file, you can set whether backslashes overflow characters in externally attracted data through the Boolean value of Magic_quotes_runtime. In order to ensure that the website program can run in any setting state of the server.
5. Prevention of file loopholes
For PHP file leakage, you can set up and configure the server to prevent it. The specific operation here is as follows: first, turn off the error prompt in PHP code to prevent hackers from obtaining database information and physical paths of web pages through error prompts; The second is to set open_basedir wholeheartedly, that is, to prohibit file operations outside the directory; This can protect local files or remote files from attacks. Attention should also be paid to prevent attacks on session files and uploaded files. Third, set safe-made to open state to standardize the command to be executed. By prohibiting file uploading, the security factor of PHP website can be effectively improved.