
Month of PHP Security Summary

It is the 21st of May. The Month of PHP Security
(http://www.php-security.org) is still running and we have reached a
count of 40 vulnerabilities, which is nearly as many as we
disclosed during the whole Month of PHP Bugs in 2007. However, there are
11 more days until the end of May, so there are still plenty
more vulnerabilities to come. Especially the number of SQL injection
vulnerabilities in PHP applications will increase, because it is called
the SQL injection marathon for a reason. We also have several articles
and submissions left.

There have been some changes to the website that should make it easier
to read, and we also added the possibility to comment on bugs/entries/news
and articles.

For those who don't already know, you can follow the Month of PHP
Security on Twitter, too. Just follow @mops_2010.

Here is the summary of what happened during the last 10 days.

Related Events
--------------
Returning into the PHP Interpreter – Remote Exploitation of Memory
Corruptions in PHP is not over, yet.
http://php-security.org/2010/05/21/related-event-returning-into-the-php-interpreter-remote-exploitation-of-memory-corruptions-in-php-is-not-over-yet/
PHP Security Course – Advanced PHP Auditing at Source and Bytecode level
http://php-security.org/2010/05/19/related-event-php-security-course-advanced-php-auditing-at-source-and-bytecode-level/

Articles
--------
MOPS Submission 07: Our Dynamic PHP – Obvious and not so obvious PHP
code injection and evaluation
http://php-security.org/2010/05/20/mops-submission-07-our-dynamic-php/
MOPS Submission 06: Variable Initialization in PHP
http://php-security.org/2010/05/17/mops-submission-06-variable-initialization-in-php/
Article: Decoding a User Space Encoded PHP Script
http://php-security.org/2010/05/13/article-decoding-a-user-space-encoded-php-script/
MOPS Submission 05 – The Minerva PHP Fuzzer
http://php-security.org/2010/05/11/mops-submission-05-the-mi

