CIACTech08-001: Understanding PHP Exploits


 
02-05-2008

Many websites use the PHP programming language to build web pages on the fly from individual files and from values obtained from a database. PHP-based websites are widely used to create wikis, such as MediaWiki, which is used for Wikipedia. If the PHP programs that generate the web pages are not carefully written to check user input before it is used, an intruder could inject code into a page and have it executed.


TOKEN_GET_ALL(3)							 1							  TOKEN_GET_ALL(3)

token_get_all - Split given source into PHP tokens

SYNOPSIS
array token_get_all (string $source)

DESCRIPTION
token_get_all(3) parses the given $source string into PHP language tokens using the Zend engine's lexical scanner. For a list of parser tokens, see "List of Parser Tokens", or use token_name(3) to translate a token value into its string representation.

PARAMETERS
o $source - The PHP source to parse.

RETURN VALUES
An array of token identifiers. Each individual token identifier is either a single character (i.e.: ;, ., >, !, etc...), or a three element array containing the token index in element 0, the string content of the original token in element 1 and the line number in element 2.

EXAMPLES
Example #1 token_get_all(3) examples

    <?php
    $tokens = token_get_all('<?php echo; ?>');
    /* => array(
        array(T_OPEN_TAG, '<?php'),
        array(T_ECHO, 'echo'),
        ';',
        array(T_CLOSE_TAG, '?>')
    ); */

    /* Note in the following example that the string is parsed as
       T_INLINE_HTML rather than the otherwise expected T_COMMENT
       (T_ML_COMMENT in PHP <5). This is because no open/close tags were
       used in the "code" provided. This would be equivalent to putting a
       comment outside of <?php ?> tags in a normal file. */
    $tokens = token_get_all('/* comment */');
    // => array(array(T_INLINE_HTML, '/* comment */'));
    ?>

CHANGELOG
+--------+----------------------------------------+
|Version | Description                            |
+--------+----------------------------------------+
| 5.2.2  | Line numbers are returned in element 2 |
+--------+----------------------------------------+

PHP Documentation Group                                        TOKEN_GET_ALL(3)
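
The advisory's concern (user input reaching code that PHP then executes) can be audited with the tokenizer documented above. The following is an added example, not code from the PHP manual or from the advisory: it flags include/require/eval statements whose argument contains a variable. The helper name `find_dynamic_code_sinks` and the sample source are constructed for illustration, and PHP 7.1 or later is assumed.

```php
<?php
// Added example (not from the PHP manual or the advisory). Assumes PHP 7.1+.
// find_dynamic_code_sinks() is a hypothetical helper name.

function find_dynamic_code_sinks(string $source): array
{
    $sinks = [T_INCLUDE, T_INCLUDE_ONCE, T_REQUIRE, T_REQUIRE_ONCE, T_EVAL];
    $findings = [];
    $current = null; // the include/require/eval statement being scanned

    foreach (token_get_all($source) as $token) {
        // Single-character tokens are plain strings; others are arrays.
        $id = is_array($token) ? $token[0] : null;

        // ';' or a closing tag ends the current statement.
        if ($token === ';' || $id === T_CLOSE_TAG) {
            if ($current !== null && $current['variable'] !== null) {
                $findings[] = $current;
            }
            $current = null;
        } elseif ($id !== null && in_array($id, $sinks, true)) {
            // Element 1 is the token text, element 2 the line number.
            $current = ['line' => $token[2], 'sink' => strtolower($token[1]), 'variable' => null];
        } elseif ($current !== null && $current['variable'] === null
            && ($id === T_VARIABLE || $id === T_STRING_VARNAME)) {
            // First variable seen inside the statement's argument.
            $current['variable'] = $token[1];
        }
    }
    return $findings;
}

// Constructed sample input, parsed only as text and never executed.
$sample = <<<'PHP'
<?php
include 'header.php';
include $_GET['page'] . '.php';
eval($_POST['code']);
require_once __DIR__ . '/config.php';
PHP;

foreach (find_dynamic_code_sinks($sample) as $f) {
    printf("line %d: %s uses %s\n", $f['line'], $f['sink'], $f['variable']);
}
```

A finding marks a statement for manual review rather than proving it is exploitable, and arguments built from function calls alone are not flagged by this check.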