Web Security Learning

5.1.5. Security related configuration

5.1.5.1. Function and class restrictions

The functions and classes that PHP code is allowed to call can be restricted with disable_functions / disable_classes.

5.1.5.2. Directory Access Restrictions

The directories PHP is allowed to access can be restricted with open_basedir.

5.1.5.3. Remote Reference Restrictions

Remote file inclusion can be restricted with allow_url_include, which is disabled by default. Opening remote files can be restricted with allow_url_fopen, which is enabled by default.

5.1.5.4. Session

5.1.5.4.1. Session.Save

PHP's default session handler is the file handler, which stores sessions in the directory set by session.save_path in php.ini. If you have permission to read and write files there, you can read or modify the session. The session location can be obtained from phpinfo.

5.1.5.4.2. Session.Upload

session.upload_progress.enabled is on by default in PHP; this option causes an upload progress file to be generated, and its storage path can be obtained from phpinfo.

Then a specially crafted request can be constructed and sent to the server, which can be used in the case of LFI.
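As an added example (not part of the original page or the WebSecurity project), the following PHP script audits the settings discussed in this section from inside the running interpreter using ini_get(). The list of functions it expects to see in disable_functions and the permission checks on session.save_path are assumptions for a typical hardened deployment, not PHP defaults.

```php
<?php
// Added example, not from the original page: report weak values of the
// security-related php.ini settings described in section 5.1.5.

function splitIniList(string $value): array {
    // disable_functions / disable_classes are comma-separated lists
    return array_values(array_filter(array_map('trim', explode(',', $value)), 'strlen'));
}

function sessionSaveDir(string $savePath): string {
    // session.save_path may be "N;MODE;/path"; the directory is the last part
    $pos = strrpos($savePath, ';');
    return $pos === false ? $savePath : substr($savePath, $pos + 1);
}

function auditPhpSecurityConfig(): array {
    $findings = [];

    // 5.1.5.1 Function and class restrictions
    $disabled = splitIniList((string) ini_get('disable_functions'));
    // Assumed set of command-execution functions a hardened deployment disables
    $expected = ['system', 'exec', 'shell_exec', 'passthru', 'proc_open', 'popen'];
    $stillCallable = array_diff($expected, $disabled);
    if ($stillCallable) {
        $findings[] = 'disable_functions leaves callable: ' . implode(', ', $stillCallable);
    }
    if (splitIniList((string) ini_get('disable_classes')) === []) {
        $findings[] = 'disable_classes is empty';
    }

    // 5.1.5.2 Directory access restrictions
    if (trim((string) ini_get('open_basedir')) === '') {
        $findings[] = 'open_basedir is unset: PHP may open any path the process user can';
    }

    // 5.1.5.3 Remote reference restrictions
    if (filter_var(ini_get('allow_url_include'), FILTER_VALIDATE_BOOLEAN)) {
        $findings[] = 'allow_url_include is on (PHP default is off)';
    }
    if (filter_var(ini_get('allow_url_fopen'), FILTER_VALIDATE_BOOLEAN)) {
        $findings[] = 'allow_url_fopen is on (PHP default); turn it off if the app never opens URLs';
    }

    // 5.1.5.4.1 Session storage: files handler writes sessions under session.save_path
    if ((string) ini_get('session.save_handler') === 'files') {
        $dir = sessionSaveDir((string) ini_get('session.save_path'));
        if ($dir === '') {
            $findings[] = 'session.save_path is empty: sessions fall back to the system temp dir';
        } elseif (is_dir($dir)) {
            $perms = fileperms($dir);
            // Assumed threshold: other-readable or other-writable session dir is weak
            if ($perms & 0o004 || $perms & 0o002) {
                $findings[] = sprintf('session dir %s is world-accessible (mode %o)', $dir, $perms & 0o777);
            }
        }
    }

    // 5.1.5.4.2 Upload progress is tracked in the session and is on by default
    if (filter_var(ini_get('session.upload_progress.enabled'), FILTER_VALIDATE_BOOLEAN)) {
        $findings[] = 'session.upload_progress.enabled is on (PHP default); disable if unused';
    }

    return $findings;
}

if (PHP_SAPI === 'cli') {
    $findings = auditPhpSecurityConfig();
    echo $findings ? "Weak settings:\n- " . implode("\n- ", $findings) . "\n" : "No findings.\n";
}
```

Run it with the same php.ini the web server uses (for example `php -c /etc/php/8.x/fpm/php.ini audit.php`, path assumed), since the CLI SAPI often loads a different configuration than php-fpm or mod_php; the values it reports are the ones phpinfo would show for that SAPI.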

© Copyright 2019-2022, WebSecurity.
