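This is a list that I have started and would like to complete. I am looking for a complete list of functions that read from or write to the filesystem. See below. Which ones have I missed? Thanks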
readfile, fpassthru, file, file_get_contents, system, fopen, symlink, rename, copy, exec, passthru, pcntl_exec, backtick_operator, shell_exec, popen, proc_open, chmod, chown, chgrp, touch, dl, highlight_file, show_source, mkdir, rmdir, posix_mkfifo, dbase_open, dbmopen, filepro, pg_lo_import, move_uploaded_file, link
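This list could be used to scan for potential performance issues (many naive developers don't realize that accessing the filesystem is too slow), and to find potentially malicious code, backdoors, etc.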
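Answer 0: (score: 2)
Filesystem functions, via php.net
Answer 1: (score: 2)
This is listed in Exploitable PHP Functions. Also keep in mind that "command execution" functions can also be used to access the filesystem, and are most likely the bigger problem.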
> // open filesystem handler
> fopen tmpfile bzopen gzopen
>
> // write to filesystem (partially in combination with reading)
> chgrp chmod chown copy file_put_contents lchgrp lchown link mkdir move_uploaded_file rename rmdir symlink tempnam touch unlink
> imagepng - 2nd parameter is a path.
> imagewbmp - 2nd parameter is a path.
> image2wbmp - 2nd parameter is a path.
> imagejpeg - 2nd parameter is a path.
> imagexbm - 2nd parameter is a path.
> imagegif - 2nd parameter is a path.
> imagegd - 2nd parameter is a path.
> imagegd2 - 2nd parameter is a path.
> iptcembed ftp_get ftp_nb_get
>
> // read from filesystem
> file_exists file_get_contents file fileatime filectime filegroup fileinode filemtime fileowner fileperms filesize filetype glob is_dir is_executable is_file is_link is_readable is_uploaded_file is_writable is_writeable linkinfo lstat parse_ini_file pathinfo readfile readlink realpath stat gzfile readgzfile getimagesize imagecreatefromgif imagecreatefromjpeg imagecreatefrompng imagecreatefromwbmp imagecreatefromxbm imagecreatefromxpm ftp_put ftp_nb_put exif_read_data read_exif_data exif_thumbnail exif_imagetype hash_file hash_hmac_file hash_update_file md5_file sha1_file highlight_file show_source php_strip_whitespace get_meta_tags
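The scanning use described in the question, as an added example that is not code from the question or from any answer: a scanner built on PHP's `token_get_all()`, so that names appearing in comments, string literals and method calls are not reported. The `WATCHED` subset, the function names `neighbor` and `scan_php_source`, and the sample source are assumptions made for this illustration.

```php
<?php
// Added example (not from the page). WATCHED is a subset of the page's lists; extend as needed.
const WATCHED = [
    'open'  => ['fopen', 'tmpfile', 'bzopen', 'gzopen'],
    'read'  => ['readfile', 'fpassthru', 'file', 'file_get_contents', 'highlight_file', 'show_source'],
    'write' => ['file_put_contents', 'copy', 'rename', 'symlink', 'link', 'chmod', 'chown', 'chgrp',
                'touch', 'mkdir', 'rmdir', 'unlink', 'move_uploaded_file'],
    'exec'  => ['system', 'exec', 'passthru', 'pcntl_exec', 'shell_exec', 'popen', 'proc_open'],
];
// Lower-cased text of the nearest token in direction $step, skipping whitespace and comments.
function neighbor(array $tokens, int $i, int $step): ?string {
    for ($j = $i + $step; isset($tokens[$j]); $j += $step) {
        $t = $tokens[$j];
        if (is_array($t) && in_array($t[0], [T_WHITESPACE, T_COMMENT, T_DOC_COMMENT], true)) continue;
        return strtolower(is_array($t) ? $t[1] : $t);
    }
    return null;
}
// Returns a list of [line, name, category] for each direct call to a watched function.
function scan_php_source(string $code): array {
    $lookup = [];
    foreach (WATCHED as $category => $names) $lookup += array_fill_keys($names, $category);
    $findings = []; $line = 1; $inBacktick = false;
    $tokens = token_get_all($code);
    foreach ($tokens as $i => $tok) {
        if (!is_array($tok)) {                        // single-character token, no line info
            if ($tok === '`') {                       // backtick operator runs a shell command
                if (!$inBacktick) $findings[] = [$line, 'backtick operator', 'exec'];
                $inBacktick = !$inBacktick;
            }
            continue;
        }
        $line = $tok[2] + substr_count($tok[1], "\n");
        $name = strtolower(ltrim($tok[1], '\\'));     // PHP 8 lexes \exec as one token
        $isName = in_array(token_name($tok[0]), ['T_STRING', 'T_NAME_FULLY_QUALIFIED'], true);
        if (!$isName || !isset($lookup[$name]) || neighbor($tokens, $i, 1) !== '(') continue;
        // Method calls and declarations may reuse a built-in's name; skip them.
        if (in_array(neighbor($tokens, $i, -1), ['->', '?->', '::', 'function', 'new'], true)) continue;
        $findings[] = [$tok[2], $name, $lookup[$name]];
    }
    return $findings;
}
// Constructed sample source: the comment, method call and string literal are not real calls.
$sample = <<<'SRC'
<?php // exec('x') in a comment
$c = \file_get_contents($p);
$o->copy($a, $b); $s = 'unlink($f)';
echo `ls`; SYSTEM($cmd);
SRC;
foreach (scan_php_source($sample) as [$ln, $fn, $cat]) printf("line %d: %s (%s)\n", $ln, $fn, $cat);
```

The check matches direct calls only; names reached through variables or callback strings are not resolved, so an empty result is not proof of absence.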
Answer 2: (score: 1)
@hsz mentioned a set of functions, but there are also:
Answer 3: (score: 0)