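"Secure Coding in Practice" (《安全编码实战经验》) was shared by a member and can be read online. For more related material, search for "Secure Coding in Practice (57-page collector's edition)" on 金锄头文库.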
PHP ?
2016/5/11
If you can't explain it simply, you don't understand it.
know it then hack it!
?
1.1 ? C ? Linux 64 ?
Linux 64 ?
1.2 Linux 64 ?
1.3 Linux 64 ?
1.4 Linux 64 ?
gcc -g overflow.c -z execstack -fno-stack-protector -o overflow.o
php version ? IO ? ? discuz ?
2.11 ? GPC? S? GPC ? S ?
// Vulnerable: the client-supplied X-Forwarded-For header reaches the SQL string unchanged.
$ip = $_SERVER['HTTP_X_FORWARDED_FOR'];
mysql_query("INSERT INTO user SET regip='$ip'");
// Fix: keep only the last comma-separated entry and normalise it to a dotted IPv4 address.
$ip = $_SERVER['HTTP_X_FORWARDED_FOR'];
$arr = array_filter(explode(',', $ip));
$ip = end($arr);
$ip = long2ip(ip2long($ip));
2.12 ? PHP ?
2.13 ? PHP JS C? C ?a ? 0x61? 0 ? PHP ? intval() ? = 0 ?XSS ?
2.14 ? wooyun ? felixk3y ?
https:/*.*.*.*/5107/upload/uploadFlash.php ?
http:/*.*.*.*/5107/upload/uploadFlash.php ?
ICC?
Web Server ?
Apache ? 123.php.xxx ? php
nginx ? 123.jpg/123.php ? php
PHP ?
get_magic_quotes_gpc() 5.4.0 ? FALSE?
register_globals PHP 5.4 ?
2.15 XSS ? HTML ? “
$avatar_url = htmlspecialchars($_GET['avatar_url']);
mysql_query("INSERT INTO xxx SET avatar_url='$avatar_url'");
XSS ? URL? cookie? GET POST ? cookie ? HTTPONLY? GET POST ? XSS ? HTML ? ? onload onerror? XSS ? HTML ? tagname attrname attrvalue, css ? HTML ?
XML_HTMLSax3? PHP7? Xiuno BBS ?https:/ CSS ?
2.16 ? XSS ?&?
3.1 ?
3.2 ? ?FTP ?SSH ?QQ ? ?SNS?QQ? ?
3.3 ?
zxj1990 zxj19901210 zxj1210 Zxj1990 zhangxiaojun1990 zhangxiaojun1210 zhang1990 zhang18612345678 12345678zhang zxj18612345678 zxj1990 zxj1234 zxj123456 zxj12345678 12345678zxj? ZhangXiaoJun 19901210 18612345678
3.4 ?