CIACTech08-001: Understanding PHP Exploits

02-05-2008

Many websites use the PHP programming language to build web pages on the fly from individual files and from values obtained from a database. PHP-based websites are widely used to create Wikis such as MediaWiki, used for Wikipedia. If the PHP programs that generate the web pages are not carefully crafted to check user input before it is used, an intruder could inject code into a page and get it executed.


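
The input check the advisory summary calls for, as an added example that is not part of the original post or the advisory: a request value picks which file a page is built from, and a database value is escaped before it is written into HTML. The page names, the pages/ directory and the function names resolve_page() and h() are hypothetical, and the sample inputs are constructed.

```php
<?php
// Added example; page names and the pages/ directory are hypothetical.

// Unsafe pattern: request input decides which file PHP executes.
//     include $_GET['page'] . '.php';

const PAGE_DIR = __DIR__ . '/pages';
const ALLOWED_PAGES = ['home', 'about', 'contact'];

/**
 * Map a user-supplied page name to a file path, or return null.
 * The request value is only compared against the allow-list; it is
 * never used to build a path unless it matched an entry exactly.
 */
function resolve_page($requested): ?string
{
    if (!is_string($requested)) {        // ?page[]=x arrives as an array
        return null;
    }
    if (!in_array($requested, ALLOWED_PAGES, true)) {
        return null;                     // strict match: no case folding, no paths
    }
    return PAGE_DIR . '/' . $requested . '.php';
}

/** Escape a database or request value before placing it in HTML. */
function h(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Constructed sample inputs, exercised only from the command line.
if (PHP_SAPI === 'cli') {
    $samples = ['home', 'HOME', '../home', 'home.php', ['home']];
    foreach ($samples as $sample) {
        $shown = json_encode($sample, JSON_UNESCAPED_SLASHES);
        printf("%-12s => %s\n", $shown, resolve_page($sample) ?? 'rejected');
    }
    // Markup stored in a database field is rendered as text, not as HTML.
    echo h('<b>title from database</b>'), "\n";
}
```

In a request handler the caller would include the returned path only when resolve_page() is not null and send a 404 response otherwise.
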
PHP_SAPI_NAME(3)							 1							  PHP_SAPI_NAME(3)

php_sapi_name - Returns the type of interface between web server and PHP

SYNOPSIS
       string php_sapi_name (void )

DESCRIPTION
       Returns a lowercase string that describes the type of interface (the Server API, SAPI) that PHP is using. For example, in CLI PHP this string will be "cli" whereas with Apache it may have several different values depending on the exact SAPI used. Possible values are listed below.

RETURN VALUES
       Returns the interface type, as a lowercase string. Although not exhaustive, the possible return values include aolserver, apache, apache2filter, apache2handler, caudium, cgi (until PHP 5.3), cgi-fcgi, cli, cli-server, continuity, embed, fpm-fcgi, isapi, litespeed, milter, nsapi, phttpd, pi3web, roxen, thttpd, tux, and webjames.

EXAMPLES
       Example #1 php_sapi_name(3) example

       This example checks for the substring cgi because it may also be cgi-fcgi.

       <?php
       // Compare only the first three characters so that both
       // "cgi" and "cgi-fcgi" are recognised.
       $sapi_type = php_sapi_name();
       if (substr($sapi_type, 0, 3) == 'cgi') {
           echo "You are using CGI PHP\n";
       } else {
           echo "You are not using CGI PHP\n";
       }
       ?>

NOTES
       Note: An alternative approach
       The PHP constant PHP_SAPI has the same value as php_sapi_name(3).

       Tip: A potential gotcha
       The defined SAPI may not be obvious, because for example instead of apache it may be defined as apache2handler or apache2filter.

SEE ALSO
       PHP_SAPI.

PHP Documentation Group 												  PHP_SAPI_NAME(3)