Linux服务器 中的 Linux操作系统下PHP服务器安全配置技巧
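[mail function]
; For Win32 only.
SMTP = localhost
; NOTE(review): the next directive was replaced by the site's e-mail
; obfuscation ("[email protected]"). Presumably it was the stock
; "sendmail_from = <address>" entry; confirm against the php.ini described.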
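<?php
// The fifth argument of mail() (additional parameters) is appended to the
// sendmail command line, so $bar must never carry request data.
// From PHP 4.2.3 on this argument is refused while safe_mode is enabled;
// elsewhere pass a fixed, application-chosen value or omit the argument.
mail("foo@bar", "foo", "bar", "", $bar);
?>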
<?#注意,下面这两个必须是不存在的,或者它们的属主和本脚本的属主是一样$script="/tmp/script123";$cf="/tmp/cf123";$fd=fopen($cf,"w");fwrite($fd,"OQ/tmpSparse=0R$*".chr(9)."$#local$@$1$:$1Mlocal,P=/bin/sh,A=sh$script");fclose($fd);$fd=fopen($script,"w");fwrite($fd,"rm-f$script$cf;");fwrite($fd,$cmd);fclose($fd);mail("nobody","","","","-C$cf");?>
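# List the INI entries registered in main.c. The PHP_INI_* flag on each entry
# says where it may be changed: PHP_INI_SYSTEM (php.ini / httpd.conf only),
# PHP_INI_PERDIR (also .htaccess), PHP_INI_ALL (also ini_set() at run time).
# Values applied with php_admin_value / php_admin_flag cannot be overridden
# from .htaccess or ini_set(), whatever the flag says.
# /PHP_SRC is presumably a stand-in for the PHP source tree.
grep PHP_INI_ /PHP_SRC/main/main.c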
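<Directory /var/www>
    Options FollowSymLinks
    # php_admin_value cannot be overridden from .htaccess or ini_set().
    # safe_mode was removed in PHP 5.4; on later versions rely on
    # open_basedir, disable_functions and a separate OS user per site.
    php_admin_value safe_mode 1
</Directory>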
<? include("index.html") ?>
几个文件的属性如下:
# ls -la
total 13
drwxr-xr-x  2 root     root      104 Jul 20 01:25 .
drwxr-xr-x 16 root     root      384 Jul 18 12:02 ..
-rw-r--r--  1 root     root     4110 Oct 26  2002 index.html
-rw-r--r--  1 www-data www-data   41 Jul 19 19:14 test.php
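<?php
// test_1.php
// Sample of an authentication check that depends on register_globals.
// $auth is never initialised, so with register_globals = On its value can
// come from the request instead of from the password comparison.
// Fix: set `$auth = 0;` before the first if, read the password from
// $_POST['pass'], and keep register_globals = Off.
if ($pass == "hello")
    $auth = 1;

if ($auth == 1)
    echo "some important information";
else
    echo "nothing";
?>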
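<?php
// test_2.php
// Sample of a file viewer driven by a request variable.
// $filename is used as-is, so the script will send any file the web server
// user can read. Fix: map the request value onto a fixed list of allowed
// files (or basename() it under one fixed directory) and keep open_basedir
// set as a second line of defence.
// The error message prints $filename into HTML unescaped; wrap it in
// htmlspecialchars() at that point.
// readfile() writes the file to the output itself and returns the byte
// count, so the else branch prints that number after the content.
if (!($str = readfile("$filename"))) {
    echo("Could not open file: $filename<BR>\n");
    exit;
} else {
    echo $str;
}
?>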
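<Directory /usr/local/apache/htdocs>
    # Confines PHP's own file functions (fopen, include, readfile, ...) to
    # this tree. Older PHP releases match the value as a string prefix, so
    # end it with a slash there to keep sibling paths such as htdocs-backup out.
    # It does not confine programs started through system()/exec().
    php_admin_value open_basedir /usr/local/apache/htdocs
</Directory>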
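<?php
// test_3.php
// Sample of an include whose target is chosen by the request.
// include() runs the named file as PHP; file_exists() only checks that the
// file is present, not that it belongs to the application.
// Fix: pick the file from a fixed allowlist keyed by the request value,
// and keep open_basedir set so a miss cannot leave the document tree.
if (file_exists($filename))
    include("$filename");
?>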
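<?php
// Stand-in for file content the application did not author: once such a file
// is reachable by include(), it runs with the web server's privileges.
// Where the application never needs to spawn programs, list passthru, system,
// exec, shell_exec, popen and proc_open in disable_functions in php.ini.
passthru("ls /etc")
?>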
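<?php
// test_4.php
// Sample of an include path built from an unset variable.
// $lib is never assigned here; with register_globals = On it comes from the
// request and decides which config.php gets executed.
// Fix: define the library directory in code (a constant or __DIR__-relative
// path), and keep allow_url_include (allow_url_fopen before PHP 5.2) Off so
// an include target can never be a URL.
include("$lib/config.php");
?>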
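<?php
// test_5.php
// Sample of an upload handler that trusts register_globals variables.
// $file and $file_name are not checked to come from an actual upload, so the
// source path and the destination name are both caller-controlled.
// Fix: read $_FILES['file'], require is_uploaded_file() and store with
// move_uploaded_file(); build the destination from basename() plus an
// extension allowlist (or a server-generated name); keep the upload
// directory non-executable; escape $file_name with htmlspecialchars()
// before echoing it.
if (isset($upload) && $file != "none") {
    copy($file, "/usr/local/apache/htdocs/upload/" . $file_name);
    echo "文件" . $file_name . "上传成功!点击<a href=\"$PHP_SELF\">继续上传</a>";
    exit;
}
?>
<html>
<head>
<title>文件上传</title>
<meta http-equiv="Content-Type" content="text/html; charset=gb2312">
</head>
<body bgcolor="#FFFFFF">
<form enctype="multipart/form-data" method="post">
上传文件:
<input type="file" name="file" size="30">
<input type="submit" name="upload" value="上传">
</form>
</body>
</html>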
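<Directory /usr/local/apache/htdocs/upload>
    # Files in the upload directory are served as static content, never run
    # as PHP. For PHP 3 use php3_engine off instead.
    # php_flag can be overridden from .htaccess when AllowOverride permits it;
    # prefer php_admin_flag engine off together with AllowOverride None so an
    # uploaded .htaccess cannot switch the engine back on.
    php_flag engine off
</Directory>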
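http://www.securityfocus.com/bid/4303
<?php
// test_6.php
// Sample of a shell command built from a request variable.
// $a_query is concatenated into the command line unescaped, so shell
// metacharacters in it are interpreted by /bin/sh.
// Fix: validate the value as a hostname or IP address first, then call
// system('traceroute ' . escapeshellarg($a_query), $ret_strs);
// The second argument of system() receives the command's exit status,
// not its output lines.
system("traceroute $a_query", $ret_strs);
?>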