
1. PHP Security

by H232C 2019. 10. 20.

1. PHP Version Update / Patch

 

2. Register_globals

 

3. Apache AddHandler

 

4. Prepared Statements

 

5. PDO
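Items 4 and 5 belong together: PDO is the usual way to get prepared statements in PHP. The following is an added example (not code from the original post) that runs against an in-memory SQLite database so it works without a MySQL server; it assumes the pdo_sqlite extension is loaded. The same query is written once by string concatenation and once as a prepared statement, and an input containing a quote shows why the two differ.

```php
<?php
// Added example (not from the original post): PDO prepared statements on an
// in-memory SQLite database. Table, rows and the input value are constructed.
declare(strict_types=1);

function makeDb(): PDO {
    $db = new PDO('sqlite::memory:');
    $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    // With MySQL, also set PDO::ATTR_EMULATE_PREPARES to false so the server,
    // not the client library, performs the parameter binding.
    $db->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT NOT NULL)');
    $db->exec("INSERT INTO users (name) VALUES ('alice'), ('O''Brien')");
    return $db;
}

// Unsafe pattern: the value becomes part of the SQL text itself.
function findUserConcat(PDO $db, string $name): array {
    $sql = "SELECT id, name FROM users WHERE name = '" . $name . "'";
    return $db->query($sql)->fetchAll(PDO::FETCH_ASSOC);
}

// Safe pattern: the SQL text is fixed; the value travels as a bound parameter
// and can never change the structure of the statement.
function findUserPrepared(PDO $db, string $name): array {
    $stmt = $db->prepare('SELECT id, name FROM users WHERE name = :name');
    $stmt->bindValue(':name', $name, PDO::PARAM_STR);
    $stmt->execute();
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

$db = makeDb();
$input = "O'Brien";   // constructed input that happens to contain a quote

print_r(findUserPrepared($db, $input));   // exactly one row: O'Brien

try {
    findUserConcat($db, $input);
} catch (PDOException $e) {
    // The quote inside the data terminated the string literal, so the rest of
    // the input was parsed as SQL. Here that is only a syntax error; in general
    // it is the mechanism behind SQL injection.
    echo "concatenated query failed: " . $e->getMessage() . "\n";
}
```

The prepared version needs no escaping at all, which is why items 7 and 8 below (escaping functions) are a fallback rather than the primary defence.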

 

6. htmlentities, htmlspecialchars (&, "", '', <, >)

<?php

$str = "A 'quote' is <b>bold</b>";

// Outputs: A 'quote' is &lt;b&gt;bold&lt;/b&gt;
// (before PHP 8.1; since 8.1 the default flags include ENT_QUOTES, so the single quote is encoded too)
echo htmlentities($str)."\n";

// Outputs: A &#039;quote&#039; is &lt;b&gt;bold&lt;/b&gt;
echo htmlentities($str, ENT_QUOTES);

?>

 

7. mysql_real_escape_string : \x00, \n, \r, \, ', ", \x1a

 

 - \x00 = the NUL byte (numeric value 0) / \n Line Feed (next line) / \r Carriage Return (back to the start of the line) / \x1a Ctrl+Z = EOF

 

8. addslashes : ', ", \, null
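Items 6, 7 and 8 are all escaping functions, and each one is only correct for one output context. The following added example (not code from the original post) shows a small HTML escaping helper for item 6 and a probe that reports which characters from the lists in items 7 and 8 addslashes actually changes. mysql_real_escape_string needs a live MySQL connection, and the mysql_* extension was removed in PHP 7.0 (mysqli_real_escape_string is its counterpart), so it is not called here. The input strings and the helper names `e`, `renderGreeting` and `escapedChars` are constructed for this example.

```php
<?php
// Added example (not from the original post) for items 6-8.
declare(strict_types=1);

// Escape a value for HTML element content or a quoted attribute.
// ENT_QUOTES covers both ' and " in addition to &, < and >;
// ENT_SUBSTITUTE replaces invalid UTF-8 instead of returning an empty string.
function e(string $value): string {
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// The same untrusted value placed in an attribute and in element content.
function renderGreeting(string $name): string {
    return '<p title="' . e($name) . '">Hello, ' . e($name) . '</p>';
}

// Return the labels of the characters that $escaper changes.
function escapedChars(callable $escaper, array $chars): array {
    $touched = [];
    foreach ($chars as $label => $ch) {
        if ($escaper($ch) !== $ch) {
            $touched[] = $label;
        }
    }
    return $touched;
}

// The character list from items 7 and 8 (constructed as a lookup table).
$chars = [
    'NUL'       => "\x00",
    'LF'        => "\n",
    'CR'        => "\r",
    'backslash' => '\\',
    'single'    => "'",
    'double'    => '"',
    'SUB'       => "\x1a",
];

echo renderGreeting('Tom & "Jerry" <b>\'s'), "\n";
// <p title="Tom &amp; &quot;Jerry&quot; &lt;b&gt;&#039;s">Hello, Tom &amp; &quot;Jerry&quot; &lt;b&gt;&#039;s</p>

echo implode(', ', escapedChars('addslashes', $chars)), "\n";
// NUL, backslash, single, double   (LF, CR and SUB pass through untouched)
```

The second output makes the difference between the two lists visible: addslashes stops at the four characters in item 8, while mysql_real_escape_string also handles \n, \r and \x1a and, because it is tied to a connection, knows the connection's character set. Neither one is a substitute for the prepared statements of items 4 and 5.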

 

9. eval, exec, shell_exec, proc_open, popen, passthru

 

10. file, system, readfile, fopen, file_get_contents

 

11. include, require
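Items 9 through 11 are function families that turn user input into a command, a file path or an included script. The following added example (not code from the original post) shows the defensive shape for each: a containment check shared by the file functions of item 10 and the include of item 11, an allowlist in front of include, and escapeshellarg for the rare case where a command from item 9 is unavoidable. The directory layout, file names and the helper names `containedPath`, `includeTemplate`, `readInside` and `listCommand` are constructed for this example.

```php
<?php
// Added example (not from the original post) for items 9-11.
declare(strict_types=1);

// Map a user-chosen name to a file under $baseDir, or return null.
// realpath() collapses "..", symlinks and similar before the prefix test.
function containedPath(string $baseDir, string $relative): ?string {
    $base = realpath($baseDir);
    $real = realpath($baseDir . DIRECTORY_SEPARATOR . $relative);
    if ($base === false || $real === false) {
        return null;                                   // does not exist
    }
    if (strncmp($real, $base . DIRECTORY_SEPARATOR, strlen($base) + 1) !== 0) {
        return null;                                   // resolved outside $baseDir
    }
    return $real;
}

// Item 11: only names on a fixed list are ever passed to include.
function includeTemplate(string $templateDir, string $page): bool {
    $allowed = ['home', 'about'];                      // constructed allowlist
    if (!in_array($page, $allowed, true)) {
        return false;
    }
    $file = containedPath($templateDir, $page . '.php');
    if ($file === null) {
        return false;
    }
    include $file;
    return true;
}

// Item 10: reads go through the same containment check.
function readInside(string $dataDir, string $name): ?string {
    $file = containedPath($dataDir, $name);
    return $file === null ? null : file_get_contents($file);
}

// Item 9: if a command is unavoidable, quote every argument separately.
function listCommand(string $dir): string {
    return 'ls -l ' . escapeshellarg($dir);
}

// --- constructed layout for the demo ---
$root = sys_get_temp_dir() . '/php-sec-demo-' . getmypid();
mkdir($root . '/templates', 0700, true);
mkdir($root . '/data', 0700, true);
file_put_contents($root . '/templates/home.php', "<?php echo \"home template\\n\";");
file_put_contents($root . '/data/notes.txt', "hello\n");
file_put_contents($root . '/outside.txt', "not for the web\n");

var_dump(includeTemplate($root . '/templates', 'home'));       // prints "home template", then bool(true)
var_dump(includeTemplate($root . '/templates', 'outside'));    // bool(false): not on the allowlist
var_dump(readInside($root . '/data', 'notes.txt'));             // string(6) "hello\n"
var_dump(readInside($root . '/data', '../outside.txt'));        // NULL: resolves outside data/
echo listCommand("dir name; with 'quotes'"), "\n";             // one quoted argument, no word splitting

// clean up the constructed layout
foreach (['/templates/home.php', '/data/notes.txt', '/outside.txt'] as $f) {
    unlink($root . $f);
}
rmdir($root . '/templates');
rmdir($root . '/data');
rmdir($root);
```

On a production host the command functions of item 9 are usually switched off outright with the php.ini directive `disable_functions` (for example `disable_functions = exec,shell_exec,system,passthru,proc_open,popen`), and `phpinfo` from item 12 can be added to the same list; the code-level checks above are for the functions the application genuinely needs.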

 

12. phpinfo

 

13. preg_replace
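The post lists preg_replace without saying why. The usual reason is the historical /e modifier, which made preg_replace evaluate the replacement string as PHP code; it was deprecated in PHP 5.5 and removed in 7.0, and preg_replace_callback is the supported replacement. The following added example (not code from the original post) shows that pattern together with preg_quote for any user-supplied fragment of a pattern and a null check on the result; the function name `shoutWords` and the inputs are constructed.

```php
<?php
// Added example (not from the original post) for item 13.
declare(strict_types=1);

// Upper-case every whole-word occurrence of $word in $text.
function shoutWords(string $text, string $word): string {
    // preg_quote stops a user-supplied word from being read as regex syntax
    // (the second argument also escapes the delimiter used below).
    $pattern = '/\b' . preg_quote($word, '/') . '\b/i';

    // The transformation is a PHP closure, not a string that gets evaluated.
    $result = preg_replace_callback(
        $pattern,
        fn(array $m): string => strtoupper($m[0]),
        $text
    );

    // preg_replace* return null on failure (bad pattern, backtrack limit, ...);
    // treat that as an error rather than silently using an empty result.
    if ($result === null) {
        throw new RuntimeException('regex failed: ' . preg_last_error_msg());
    }
    return $result;
}

echo shoutWords('the cat sat on the mat.', 'the'), "\n";      // THE cat sat on THE mat.
echo shoutWords('a.c abc a.c', 'a.c'), "\n";                   // A.C abc A.C (the dot is literal)
```

`preg_last_error_msg` exists since PHP 8.0; on older versions use `preg_last_error` and map the code yourself.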
