Htaccess    html   Php    javascript   Asp   css    maths  Past Questions  Practice Tests Online

security.cgi bin function syntax tag tutorial 2013 Donate at flattr Flattr this





Alert! Connect with 10,000 Chating Online. Join Now

Php security.cgi bin () function

Write your php code

 
<?php ?>

Php Result


Your code below



Chapter 24. Installed as CGI binary

Possible attacks

Using PHP as a CGI binary is an option for setups that for some reason do not wish to integrate PHP as a module into server software (like Apache), or will use PHP with different kinds of CGI wrappers to create safe chroot and setuid environments for scripts. This setup usually involves installing executable PHP binary to the web server cgi-bin directory. CERT advisory CA-96.11 recommends against placing any interpreters into cgi-bin. Even if the PHP binary can be used as a standalone interpreter, PHP is designed to prevent the attacks this setup makes possible:

  • Accessing system files: http://my.host/cgi-bin/php?/etc/passwd

    The query information in a URL after the question mark (?) is passed as command line arguments to the interpreter by the CGI interface. Usually interpreters open and execute the file specified as the first argument on the command line.

    When invoked as a CGI binary, PHP refuses to interpret the command line arguments.

  • Accessing any web document on server: http://my.host/cgi-bin/php/secret/doc.html

    The path information part of the URL after the PHP binary name, /secret/doc.html is conventionally used to specify the name of the file to be opened and interpreted by the CGI program. Usually some web server configuration directives (Apache: Action) are used to redirect requests to documents like http://my.host/secret/script.php to the PHP interpreter. With this setup, the web server first checks the access permissions to the directory /secret, and after that creates the redirected request http://my.host/cgi-bin/php/secret/script.php. Unfortunately, if the request is originally given in this form, no access checks are made by web server for file /secret/script.php, but only for the /cgi-bin/php file. This way any user able to access /cgi-bin/php is able to access any protected document on the web server.

    In PHP, compile-time configuration option --enable-force-cgi-redirect and runtime configuration directives doc_root and user_dir can be used to prevent this attack, if the server document tree has any directories with access restrictions. See below for full the explanation of the different combinations.

Php security.cgi bin Function syntax tag

security.cgi bin php code on this is provided for your study purpose, it will guide you to know how create and design a website using php. use it to practice and train your self online



Php security.cgi bin syntax tutorial

php tutorial guide and code design are for easy learning and programming. The code practice section provided at the top is for practising of this syntax. Use the code section up to practice your php programming online. Learning php is very easy, all you need is to use the examples on this site and practice them to perfect your skills.


Function index

Variables

Expressions

Operators

Control-Structures

Cookies

Array

Date & Time

Directory function

File

Image

Operators

Form data handling

Mathematics operators

Mail

Php Mysql

Network Functions

Strings

php tutorial guides,functions, classes, code examples and tags for creating simple dynamic site to mysql database driven sites
 
 
Htaccess    html   Php    javascript   Asp   css    maths  Past Questions  Practice Tests Online