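Capture the request and inspect the parameters: they look like a function name and its argument, so use them to read the index.php source.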
func=file_get_contents&p=index.php
<?php
$disable_fun = array("exec","shell_exec","system","passthru","proc_open","show_source","phpinfo","popen","dl","eval","proc_terminate","touch","escapeshellcmd","escapeshellarg","assert","substr_replace","call_user_func_array","call_user_func","array_filter", "array_walk", "array_map","registregister_shutdown_function","register_tick_function","filter_var", "filter_var_array", "uasort", "uksort", "array_reduce","array_walk", "array_walk_recursive","pcntl_exec","fopen","fwrite","file_put_contents");
function gettime($func, $p) {
    // Calls the client-supplied function name with the client-supplied argument
    $result = call_user_func($func, $p);
    $a = gettype($result);
    if ($a == "string") {
        return $result;

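This article looks at how disabling dangerous functions in PHP can strengthen code security, shows how a blacklist is used to prevent potential attacks, and illustrates the implementation with a concrete code example.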
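The request at the top gets through because file_get_contents is not in $disable_fun. As an added example (not part of the original post or the challenge source), the code below compares that blacklist check with an allowlist dispatcher on the same request; the allowlist entries, the helper names and the shortened blacklist are assumptions.

```php
<?php
// Added example: allowlist dispatch compared with a blacklist (denylist) check.
// Shortened copy of the page's $disable_fun, enough for the comparison.
$denylist = ["exec", "shell_exec", "system", "passthru", "eval", "assert", "fopen", "file_put_contents"];

// Hypothetical allowlist: the only operations the endpoint is assumed to need.
// Keys are the names a client may send; values are fixed closures.
$allowlist = [
    "date"       => fn(string $p): string => date($p),
    "strtoupper" => fn(string $p): string => strtoupper($p),
];

// Blacklist logic: everything is permitted unless it is named in the list.
function denylist_permits(array $denylist, string $func): bool {
    return !in_array(strtolower($func), $denylist, true);
}

// Allowlist logic: exact-match lookup, everything not listed is refused.
function dispatch(array $allowlist, string $func, string $p): string {
    if (!array_key_exists($func, $allowlist)) {
        throw new InvalidArgumentException("function not permitted");
    }
    return $allowlist[$func]($p);
}

// Constructed sample requests; the second one is the request shown on the page.
$requests = [
    ["date", "Y-m-d"],
    ["file_get_contents", "index.php"],
];
foreach ($requests as [$func, $p]) {
    $deny = denylist_permits($denylist, $func) ? "allowed" : "blocked";
    try {
        dispatch($allowlist, $func, $p);
        $allow = "allowed";
    } catch (InvalidArgumentException $e) {
        $allow = "blocked";
    }
    printf("%-18s blacklist: %-8s allowlist: %s\n", $func, $deny, $allow);
}
```

The blacklist has to name every function that could ever be misused, while the allowlist only has to name what the feature needs, so a missing entry fails closed instead of open.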