PHP global variables and the SESSION vulnerability (global and session)
2012-07-24T00:00:00
ID MYHACK58:62201234420 Type myhack58 Reporter Anonymous Modified 2012-07-24T00:00:00
Description
First, look at this simple piece of code:
<?php
session_start();
$_SESSION['isadmin'] = 'yes';
$isadmin = 'no';
echo $_SESSION['isadmin'];
?>
When register_globals = Off is set in php.ini, there is no problem: the output is yes.
But when register_globals = On is set in php.ini, the first run outputs yes, and after a refresh it displays no. Obviously this is not normal.
This is a very strange problem. If it is $isadmin='no'; that changes the SESSION, then why does the first run show yes?
Everyone knows that when register_globals = On, accessing xxx.php?id=123 makes the program automatically create a variable $id.
So will the automatically created variables change the SESSION?
Test code:
<?php
//xxx.php
session_start();
echo $_SESSION['id'];
?>
Accessing xxx.php?id=123 produces no output.
That is fortunate; otherwise who knows how many websites that use SESSION for login and have PHP configured with register_globals set to On could be logged into at will.
There are two commonly used functions, import_request_variables() and extract():
import_request_variables(): imports GET/POST/Cookie variables into the global scope
extract(): imports variables from an array into the current symbol table
<?php
//xxx.php
// 'G' imports the GET variables; import_request_variables() was removed in PHP 5.4
import_request_variables('G');
echo $id;
?>
When accessed via xxx.php?id=123, this also outputs 123 even if register_globals is set to Off.
extract($_GET) works similarly to import_request_variables('G').
So try it: will the variables created by import_request_variables() and extract() affect the SESSION?
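The article shows extract($_GET) creating $id from the query string. As an added example (not code from the original article), the sketch below contrasts that pattern with an allow-listed import; $request is constructed sample input standing in for $_GET, and importVulnerable() and importHardened() are hypothetical names.

```php
<?php
// Added example, not from the original article.
// $request is constructed sample input standing in for $_GET
// (xxx.php?id=123&isadmin=yes); both function names are hypothetical.
$request = ['id' => '123', 'isadmin' => 'yes'];

// Pattern from the article: import the whole request array.
function importVulnerable(array $request): array
{
    $isadmin = 'no';        // value the script set itself
    extract($request);      // default flag is EXTR_OVERWRITE
    return ['id' => $id ?? null, 'isadmin' => $isadmin];
}

// Hardened: import only expected keys, never replace existing variables,
// and validate the imported value before use.
function importHardened(array $request, array $allowed): array
{
    $isadmin = 'no';
    $expected = array_intersect_key($request, array_flip($allowed));
    extract($expected, EXTR_SKIP);
    $id = filter_var($id ?? null, FILTER_VALIDATE_INT);
    return ['id' => $id === false ? null : $id, 'isadmin' => $isadmin];
}

var_dump(importVulnerable($request));
var_dump(importHardened($request, ['id']));
```

In the first call the request value replaces the script's own $isadmin; in the second it is left untouched and id comes back as an integer.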