php第三方编码转换类安全警告
漏洞说明:在外面广泛使用的众多php编码转换类中,已经被证明在某些情况下会存在安全问题,构造畸形的数据将导致转换类的结果不可靠,从而可能使数据绕过系统的安全认证,一些开源...
标签 ‘ PHP’ 的归档
PHP安全《PHP Security》
来源:Tr4c3’s blog
[ 原书信息 ]
《SAMS Teach Yourself PHP in 10 Minutes》
Author: Chris Newman
Publisher : Sams Publishing
Pub Date : March 29, 2005
ISBN : 0-672-32762-7
Pages : 264
[ 翻译...
PHP security analysis
来源:Tr4c3’s blog
There are many tools out in market for security analysis of PHP codes.
Some of them are mentioned below:
1. PHP Security Scanner:
Desc: PHP Security Scanner is a tool written in PHP intended to search
php源码审计工具--PHP Source Auditor 4 released
一个用perl写的php源码审计工具
注释by:Neeao
from:http://iron.randombase.com/2008/05/13/php-source-auditor-4-released/
All packed up & ready for your enjoyment: PHP Source Auditor 4! So, if you have (most likely) n...
PHP Underground Security
来源:Tr4c3’s blog
/================================================================================\
---------------------------------[ PLAYHACK.net ]---------------------------------
\==========================================...
php escapeshellcmd多字节编码漏洞解析及延伸
作者:T_Torchidy (jnchaha_at_163.com)
来源:安全焦点
漏洞公告在http://www.sektioneins.de/advisories/SE-2008-03.txt
PHP 5 <= 5.2.5
PHP 4 <= 4.4.8
一些允许如GBK,EUC-KR, SJIS等宽字节字符集...
