PHP Web应用程序上传漏洞的攻防研究

摘要

基于PHP（hypertext preprocessor）的Web应用程序是目前互联网中使用最为广泛的Web应用，一旦PHP Web应用程序出现安全漏洞，系统中存储的数据和用户的安全就受到很大的威胁。因此，PHP Web应用程序的安全漏洞受到越来越多的关注，如何对PHP Web应用程序进行安全防护已经成为当前研究的一大热点。在PHP Web安全中出现概率很大而且危害也很大的攻击有跨站脚本漏洞、SQL注入漏洞、代码执行漏洞及上传漏洞等。目前在跨站脚本漏洞、SQL注入漏洞和代码执行漏洞等领域都已经有了系统的攻防研究，特别是SQL注入漏洞更是人们关注的热点。而针对PHP Web应用程序上传漏洞却缺少系统性的攻防研究，一些防范方法也已经过时，很多攻击技术和防范方法都没有涉及。文章首先对PHP Web应用上传漏洞进行了全面详细的分析，接着给出具体详细的防护措施，最后总结出PHP Web应用程序文件上传功能的安全开发建议。%The Web application set up by PHP (hypertext preprocessor) is the most widely use in the Internet. Once the PHP Web application with security vulnerability, the security of the data and the users of the system is greatly threaten. Because of this, the security vulnerability of PHP Web applications is getting more and more attention. How to secure the PHP Web application protection has become a hot spot in the research of the current. There is a lot of probability and the damage is great attack in the security of PHP Web. They are XSS vulnerability, SQL injection vulnerability, code execution vulnerability and upload vulnerability etc. So far, there has been a system of defensive research in XSS, SQL vulnerabilities and code execution vulnerability and other fields, the SQL injection is more popular in the top. Correspondingly, the Web PHP applications of upload vulnerability are lack of a systematic attack and defense research. Related content could appear in only one chapter in an article, some of these prevention methods are outdated, and many of the latest attack techniques and prevention methods are not involved. The article analyzes carefully on the ifle upload attack in PHP Web application and gives the corresponding protective measures, and sums up some security development suggestions about ifle-upload capabilities in PHP Web application.