{"id":25,"date":"2023-06-05T13:23:58","date_gmt":"2023-06-05T05:23:58","guid":{"rendered":"http:\/\/pro369.com\/php\/?p=25"},"modified":"2019-08-02T12:06:00","modified_gmt":"2019-08-02T04:06:00","slug":"%e7%95%b6magic-quotes-gpcoff","status":"publish","type":"post","link":"https:\/\/por.tw\/php\/%e7%95%b6magic-quotes-gpcoff\/","title":{"rendered":"\u7576magic_quotes_gpc=off"},"content":{"rendered":"<p><span style=\"background-color: #ffff00; font-size: large;\"><strong>\u7576magic_quotes_gpc=off<\/strong><\/span><br \/>\nPstzine0x03\u88e1&#8221;[0x06] \u9ad8\u7d1aPHP\u4ee3\u78bc\u5be9\u6838\u6280\u8853&#8221;\u4e00\u6587\u4e2d\u95dc\u65bc &#8220;5.3.6 \u8b8a\u6578key\u8207\u9b54\u8853\u5f15\u865f&#8221; \u90e8\u5206\u7684php\u539f\u59cb\u7a0b\u5f0f\u78bc\u5206\u6790<br \/>\nauthor: ryat#www.wolvez.org<br \/>\nteam:http:\/\/www.80vul.com<br \/>\ndate:2009-04-10<br \/>\n\u4e00\u3001\u7d9c\u8ff0<br \/>\nmagic_quotes_gpc\u662fphp\u4e2d\u7684\u4e00\u500b\u5b89\u5168\u9078\u9805,\u5728php manual\u4e2d\u5c0d\u6b64\u6709\u5982\u4e0b\u63cf\u8ff0:<br \/>\nWhen on, all &#8216; (single-quote), &#8221; (double quote), (backslash) and NULL characters are escaped with a backslash automatically. This is identical to what addslashes() does<br \/>\n\u96d6\u7136magic_quotes_gpc\u6709\u52a9\u65bc\u63d0\u5347\u7a0b\u5f0f\u7684\u5b89\u5168\u6027\u4e26\u4e14\u5728php\u4e2d\u9ed8\u8a8d\u958b\u555f,\u4f46\u540c\u6642\u4e5f\u5e36\u4f86\u4e86\u5176\u4ed6\u7684\u4e00\u4e9b\u554f\u984c,\u56e0\u6b64\u5728php6\u4e2d\u5c07\u53bb\u6389\u6b64\u9078\u9805\u3002<br \/>\n<img loading=\"lazy\" decoding=\"async\" src=\"https:\/\/visdacom.com\/php\/wp-content\/uploads\/2019\/08\/PHP-Website-Design-8-650x433.jpg\" alt=\"\" class=\"alignnone size-medium wp-image-385\" width=\"650\" height=\"433\" \/><br \/>\n\u4e8c\u3001\u7576magic_quotes_gpc=off<br \/>\n\u8003\u616e\u5230\u90e8\u5206\u4f3a\u670d\u5668\u95dc\u9589\u4e86magic_quotes_gpc\u6216\u8005\u5176\u4ed6\u7684\u4e00\u4e9b\u539f\u56e0[\u5982\u5f71\u97ff\u529f\u80fd\u7b49],\u5f88\u591a\u7a0b\u5f0f\u5728\u5982magic_quotes_gpc=off\u4e0b\u81ea\u5df1\u5be6\u73fe\u4e00\u500b\u4ee3\u78bc\u4f86\u985e\u6bd4magic_quotes_gpc=on\u7684\u60c5\u6cc1. \u5982\u4e0b\u9762\u7684\u4e00\u6bb5\u4ee3\u78bc:<br \/>\ndefine(&#8216;MAGIC_QUOTES_GPC&#8217;, get_magic_quotes_gpc());<br \/>\n&#8230;<br \/>\nforeach(array(&#8216;_COOKIE&#8217;, &#8216;_POST&#8217;, &#8216;_GET&#8217;) as $_request) {<br \/>\nforeach($$_request as $_key =&gt; $_value) {<br \/>\n$_key{0} != &#8216;_&#8217; &amp;&amp; $$_key = daddslashes($_value);<br \/>\n}<br \/>\n}<br \/>\n&#8230;<br \/>\nfunction daddslashes($string, $force = 0) {<br \/>\n!defined(&#8216;MAGIC_QUOTES_GPC&#8217;) &amp;&amp; define(&#8216;MAGIC_QUOTES_GPC&#8217;, get_magic_quotes_gpc());<br \/>\nif(!MAGIC_QUOTES_GPC || $force) {<br \/>\nif(is_array($string)) {<br \/>\nforeach($string as $key =&gt; $val) {<br \/>\n$string[$key] = daddslashes($val, $force);<br \/>\n}<br \/>\n} else {<br \/>\n$string = addslashes($string);<br \/>\n}<br \/>\n}<br \/>\nreturn $string;<br \/>\n}<br \/>\n\u5229\u7528addslashes()\u51fd\u6578\u985e\u6bd4\u4e86magic_quotes_gpc=on\u6642\u7684\u6548\u679c,\u770b\u4e0a\u53bb\u5f88\u5b8c\u7f8e,\u5176\u5be6\u662f\u6709\u7f3a\u9677\u7684\u6216\u8005\u8aaa\u53ea\u662f\u985e\u6bd4\u4e86magic_quotes_gpc\u7684\u90e8\u5206\u529f\u80fd.<br \/>\n\u4e09\u3001magic_quotes_gpc\u7684\u4ee3\u78bc\u5206\u6790<br \/>\nphp\u5728\u8a3b\u518a$_GET\/$_POST\u7b49\u8d85\u5168\u57df\u8b8a\u6578\u6642magic_quotes_gpc\u90e8\u5206\u7684\u4ee3\u78bc:<br \/>\n\/\/ php_variables.c<br \/>\nPHPAPI void php_register_variable_safe(char *var, char *strval, int str_len, zval *track_vars_array TSRMLS_DC)<br \/>\n{<br \/>\n\/\/ \u5c0d\u8b8a\u6578\u503c\u7684\u8655\u7406<br \/>\n&#8230;<br \/>\nif (PG(magic_quotes_gpc)) {<br \/>\nZ_STRVAL(new_entry) = php_addslashes(strval, Z_STRLEN(new_entry), &amp;Z_STRLEN(new_entry), 0 TSRMLS_CC);<br \/>\n} else {<br \/>\nZ_STRVAL(new_entry) = estrndup(strval, Z_STRLEN(new_entry));<br \/>\n}<br \/>\n&#8230;<br \/>\nPHPAPI void php_register_variable_ex(char *var_name, zval *val, zval *track_vars_array TSRMLS_DC)<br \/>\n{<br \/>\n\/\/ \u5c0d\u8b8a\u6578\u540d\u7684\u8655\u7406<br \/>\n&#8230;<br \/>\nzend_bool is_array = 0;<br \/>\n&#8230;<br \/>\nfor (p = var; *p; p++) {<br \/>\nif (*p == &#8216; &#8216; || *p == &#8216;.&#8217;) {<br \/>\n*p=&#8217;_&#8217;;<br \/>\n} else if (*p == &#8216;[&#8216;) {<br \/>\nis_array = 1;<br \/>\nip = p;<br \/>\n*p = 0;<br \/>\nbreak;<br \/>\n}<br \/>\n}<br \/>\nvar_len = p &#8211; var;<br \/>\n\/\/ \u4e0a\u9762\u9019\u6bb5\u4ee3\u78bc\u6c92\u6709\u8003\u616e\u8b8a\u6578\u540d\u7684\u539f\u59cb\u9577\u5ea6,\u6240\u4ee5\u9019\u88e1\u662fnot binary safe<br \/>\n\/\/ \u4e5f\u5c31\u662f\u8aaa,\u63d0\u4ea4 test.php?ryat%00wst=1 \u5c07\u6703\u751f\u6210$_GET[&#8216;ryat&#8217;]=1<br \/>\n&#8230;<br \/>\nif (is_array) {<br \/>\n\/\/ \u5982\u679c\u8b8a\u6578\u540d\u662f\u9663\u5217\u7684\u5f62\u5f0f<br \/>\n&#8230;<br \/>\n} else {<br \/>\n\/\/ php &gt; 5.2.1<br \/>\nif (PG(magic_quotes_gpc)) {<br \/>\n\/\/ php = 4.x &amp;&amp; php &lt;= 5.2.1<br \/>\n\/\/ if (PG(magic_quotes_gpc) &amp;&amp; (index!=var)) {<br \/>\nescaped_index = php_addslashes(index, index_len, &amp;index_len, 0 TSRMLS_CC);<br \/>\n} else {<br \/>\nescaped_index = index;<br \/>\n}<br \/>\n&#8230;<br \/>\n} else {<br \/>\n\/\/ \u9019\u90e8\u5206\u7684magic_quotes_gpc\u8655\u7406\u548c\u4e0a\u9762\u4e00\u6a23<br \/>\n&#8230;<br \/>\n\u7531\u4e0a\u9762\u7684\u4ee3\u78bc\u53ef\u4ee5\u770b\u5230,magic_quotes_gpc=on\u6642\u4e0d\u50c5\u50c5\u7528addslashes\u8655\u7406\u4e86\u8b8a\u6578\u503c,\u800c\u4e14\u8655\u7406\u4e86\u8b8a\u6578\u540d[\u65e2$_GET\/$_POST\u7b49\u8d85\u5168\u57df\u8b8a\u6578\u7684key,\u53e6\u5916\u8981\u6ce8\u610f\u7684\u662f:[1]\u5728php4\u548cphp&lt;5.2.1\u7684\u7248\u672c\u4e2d,\u4e0d\u8655\u7406\u7b2c\u4e00\u7dad\u7684key:)]<br \/>\n\u800c\u524d\u9762\u90a3\u6bb5\u6a21\u64ecmagic_quotes_gpc\u7684\u4ee3\u78bc\u50c5\u50c5\u8655\u7406\u4e86\u9663\u5217\u7684\u503c,\u56e0\u6b64\u662f\u5b58\u5728\u5b89\u5168\u96b1\u60a3\u7684\u3002<br \/>\n\u56db\u3001\u5be6\u4f8b[ECShop SQL injection \u6f0f\u6d1e\u5206\u6790]<br \/>\n\u6587\u4ef6includes\/init.php\u5224\u65b7get_magic_quotes_gpc(),\u5982\u679c\u70baoff\u5247\u8abf\u7528addslashes_deep():<br \/>\n\/\/ includes\/init.php<br \/>\nif (!get_magic_quotes_gpc())<br \/>\n{<br \/>\nif (!empty($_GET))<br \/>\n{<br \/>\n$_GET = addslashes_deep($_GET);<br \/>\n}<br \/>\nif (!empty($_POST))<br \/>\n{<br \/>\n$_POST = addslashes_deep($_POST);<br \/>\n}<br \/>\n$_COOKIE = addslashes_deep($_COOKIE);<br \/>\n$_REQUEST = addslashes_deep($_REQUEST);<br \/>\n}<br \/>\naddslashes_deep()\u5728\u6587\u4ef6includes\/lib_base.php\u88e1\u6700\u5f8c\u901a\u904eaddslashes()\u8655\u7406<br \/>\n\/\/ includes\/lib_base.php<br \/>\nfunction addslashes_deep($value)<br \/>\n{<br \/>\nif (empty($value))<br \/>\n{<br \/>\nreturn $value;<br \/>\n}<br \/>\nelse<br \/>\n{<br \/>\nreturn is_array($value) ? array_map(&#8216;addslashes_deep&#8217;, $value) : addslashes($value);<br \/>\n\/\/ \u53ea\u8655\u7406\u4e86\u9663\u5217\u7684\u503c:)<br \/>\n}<br \/>\n}<br \/>\n\u4e0b\u9762\u770b\u4e0b\u5177\u9ad4\u7684\u5c0e\u81f4\u6f0f\u6d1e\u7684\u4ee3\u78bc,\u6587\u4ef6 pick_out.php\u88e1:<br \/>\n\/\/ pick_out.php<br \/>\nif (!empty($_GET[&#8216;attr&#8217;]))<br \/>\n{<br \/>\nforeach($_GET[&#8216;attr&#8217;] as $key =&gt; $value)<br \/>\n{<br \/>\n$key = intval($key);<br \/>\n$_GET[&#8216;attr&#8217;][$key] = htmlspecialchars($value);<br \/>\n\/\/ foreach\u8655\u7406\u7684\u662f\u6307\u5b9a\u9663\u5217\u7684\u62f7\u8c9d,\u6240\u4ee5\u9019\u88e1\u7684\u8655\u7406\u4e26\u4e0d\u5f71\u97ff\u9663\u5217\u539f\u5148\u7684key\u548cvalue<br \/>\n\/\/ \u56e0\u6b64\u53ef\u4ee5\u5f15\u5165\u4efb\u610f\u7684key:)<br \/>\n\/\/ \u7a0b\u5f0f\u5e2b\u7684\u908f\u8f2f\u51fa\u4e86\u554f\u984c?<br \/>\n}<br \/>\n}<br \/>\n&#8230;<br \/>\nforeach ($_GET[&#8216;attr&#8217;] AS $key =&gt; $value)<br \/>\n{<br \/>\n$attr_url .= &#8216;&amp;attr[&#8216; . $key . &#8216;]=&#8217; . $value;<br \/>\n$attr_picks[] = $key;<br \/>\nif ($i &gt; 0)<br \/>\n{<br \/>\nif (empty($goods_result))<br \/>\n{<br \/>\nbreak;<br \/>\n}<br \/>\n\/\/ \u5229\u7528key\u9032\u884c\u6ce8\u5c04:)<br \/>\n$goods_result = $db-&gt;getCol(&#8220;SELECT goods_id FROM &#8221; . $ecs-&gt;table(&#8220;goods_attr&#8221;) . &#8221; WHERE goods_id IN (&#8221; . implode(&#8216;,&#8217; , $goods_result) . &#8220;) AND attr_id=&#8217;$key&#8217; AND attr_value=&#8217;$value'&#8221;);<br \/>\n\u7531\u65bcmagic_quotes_gpc=off\u6642\u6c92\u6709\u5c0d$key\u8655\u7406,\u540c\u6642\u5728\u9663\u5217\u8ce6\u503c\u6642\u5b58\u5728\u908f\u8f2f\u554f\u984c,\u6700\u7d42\u5c0e\u81f4\u4e86\u6ce8\u5c04\u6f0f\u6d1e:)<br \/>\nEXP:<br \/>\nhttp:\/\/www.80vul.com\/exp\/ecshop-pch-005.txt<br \/>\n\u4e94\u3001\u53c3\u8003:<br \/>\nhttp:\/\/bugs.php.net\/bug.php?id=41093<\/p>\n","protected":false},"excerpt":{"rendered":"<p>\u7576magic_quotes_gpc=off Pstzine0x03\u88e1&#8221;[0x06] \u9ad8\u7d1aPHP\u4ee3\u78bc [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":385,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[8],"tags":[22],"class_list":["post-25","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-php","tag-php"],"_links":{"self":[{"href":"https:\/\/por.tw\/php\/wp-json\/wp\/v2\/posts\/25"}],"collection":[{"href":"https:\/\/por.tw\/php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/por.tw\/php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/por.tw\/php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/por.tw\/php\/wp-json\/wp\/v2\/comments?post=25"}],"version-history":[{"count":0,"href":"https:\/\/por.tw\/php\/wp-json\/wp\/v2\/posts\/25\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/por.tw\/php\/wp-json\/wp\/v2\/media\/385"}],"wp:attachment":[{"href":"https:\/\/por.tw\/php\/wp-json\/wp\/v2\/media?parent=25"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/por.tw\/php\/wp-json\/wp\/v2\/categories?post=25"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/por.tw\/php\/wp-json\/wp\/v2\/tags?post=25"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}