CIACTech08-001: Understanding PHP Exploits


 
Posted 02-05-2008

Many websites use the PHP programming language to build web pages on the fly from individual files and from values obtained from a database. PHP-based websites are widely used to create wikis, such as MediaWiki, which is used for Wikipedia. If the PHP programs that generate the web pages are not carefully written to check user input before it is used, an intruder could inject code into a page and get it executed.
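The input check described above, sketched for a page that is assembled from individual files. This is an added example, not code from the advisory; the `page` parameter, the `pages/` directory and the file names are assumptions made for illustration, and the sample inputs are constructed.

```php
<?php
declare(strict_types=1);

// Unchecked pattern (kept as a comment on purpose): the request value decides
// which file PHP loads and executes, so the client controls what code runs.
//   include $_GET['page'] . '.php';

// Hypothetical directory that holds the page fragments.
const PAGE_DIR = __DIR__ . '/pages';

// Fixed map from public page names to files on disk (hypothetical entries).
// User input is only ever used as a key into this map, never as part of a path.
const PAGES = [
    'home'    => 'home.php',
    'about'   => 'about.php',
    'contact' => 'contact.php',
];

/**
 * Resolve a user-supplied page name to a file path.
 * Returns null for anything that is not an exact, known page name.
 */
function resolve_page(mixed $name): ?string
{
    // Non-string values (for example an array from ?page[]=home) are rejected.
    if (!is_string($name) || !array_key_exists($name, PAGES)) {
        return null;
    }
    return PAGE_DIR . '/' . PAGES[$name];
}

// Constructed sample inputs: two known names, one unknown name,
// one name carrying path separators, and one non-string value.
$samples = ['home', 'about', 'no-such-page', 'pages/../home', ['home']];

foreach ($samples as $input) {
    $path = resolve_page($input);
    printf(
        "%-20s => %s\n",
        json_encode($input, JSON_UNESCAPED_SLASHES),
        $path ?? 'rejected (serve a 404, include nothing)'
    );
}

// In a real front controller the call site would look like:
//   $path = resolve_page($_GET['page'] ?? 'home');
//   if ($path === null) { http_response_code(404); exit; }
//   include $path;
```

Values taken from a database and echoed into a page need the same treatment at output time, for example `htmlspecialchars($value, ENT_QUOTES, 'UTF-8')`.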


PHP_STRIP_WHITESPACE(3) 						 1						   PHP_STRIP_WHITESPACE(3)

php_strip_whitespace - Return source with stripped comments and whitespace

SYNOPSIS
       string php_strip_whitespace (string $filename)

DESCRIPTION
       Returns the PHP source code in $filename with PHP comments and whitespace removed. This may be useful for determining the amount of actual code in your scripts compared with the amount of comments. This is similar to using php -w from the command line.

PARAMETERS
       o $filename - Path to the PHP file.

RETURN VALUES
       The stripped source code will be returned on success, or an empty string on failure.

       Note: This function works as described as of PHP 5.0.1. Before this it would only return an empty string. For more information on this bug and its prior behavior, see bug report #29606.

EXAMPLES
       Example #1 php_strip_whitespace(3) example

           <?php
           // PHP comment here

           /*
            * Another PHP comment
            */

           echo php_strip_whitespace(__FILE__);
           // Newlines are considered whitespace, and are removed too:
           do_nothing();
           ?>

       The above example will output:

           <?php echo php_strip_whitespace(__FILE__); do_nothing(); ?>

       Notice the PHP comments are gone, as are the whitespace and newline after the first echo statement.

PHP Documentation Group 						   PHP_STRIP_WHITESPACE(3)