PHP variable overwrite vulnerability

2013-04-10T00:00:00
ID MYHACK58:62201338233
Type myhack58
Reporter Anonymous
Modified 2013-04-10T00:00:00

Description

There are two cases: the first is register_globals, the second is variable overwriting introduced by the developer's own code.

1. register_globals means "register as global variables". When it is On, values passed in with the request are registered directly as global variables and can be used directly; when it is Off, they have to be read from the specific arrays. It was on by default in PHP4 and turned off by default from PHP5 onward.

2. Developer-introduced variable overwriting, as in the following code:

<?php
foreach ($_GET as $key => $value) {
    ${$key} = $value; // the request key becomes the variable name
}
echo $a;
?>

The foreach loop puts each GET parameter's name in $key and its value in $value. On line 3, ${$key} uses the $key passed in via GET as the name of a new variable and assigns the $value passed in via GET to it. If you pass the parameter http://itsafe.org/test.php?a=1, line 3 resolves to $a = 1.

Knowledge point: variable variables, $$a, ${$a}. See http://www.php.net/manual/zh/language.variables.variable.php
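Added example, not part of the original advisory: the loop above next to a form that reads only expected keys, run over a constructed parameter array instead of a live request. The names $sampleGet, $is_admin, importAll and importAllowed are hypothetical and chosen for illustration.

```php
<?php
// Constructed sample input standing in for $_GET.
$sampleGet = ['a' => '1', 'is_admin' => '1'];

// Pattern from the advisory: every request key becomes a local variable,
// so a value the application set earlier can be overwritten.
function importAll(array $params): array
{
    $is_admin = false;              // set by the application before the loop
    foreach ($params as $key => $value) {
        ${$key} = $value;           // the request key chooses the variable name
    }
    return ['a' => $a ?? null, 'is_admin' => $is_admin];
}

// Corrected form: copy only allowlisted keys into a separate array and
// never create variables from request-controlled names.
function importAllowed(array $params, array $allowed): array
{
    $is_admin = false;
    $input = [];
    foreach ($allowed as $name) {
        if (isset($params[$name]) && is_string($params[$name])) {
            $input[$name] = $params[$name];
        }
    }
    return ['a' => $input['a'] ?? null, 'is_admin' => $is_admin];
}

// Compare what happens to $is_admin in each version.
var_dump(importAll($sampleGet));
var_dump(importAllowed($sampleGet, ['a']));
```

The same review applies to extract($_GET) and similar constructs that create variables from request keys.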