diff --git a/book/lang/en/source/_includes/Code-Injection.rst b/book/lang/en/source/_includes/Code-Injection.rst index 6bc9894..370e9d2 100644 --- a/book/lang/en/source/_includes/Code-Injection.rst +++ b/book/lang/en/source/_includes/Code-Injection.rst @@ -17,7 +17,7 @@ File Inclusion The most obvious target for a Code Injection attack are the include(), include_once(), require() and require_once() functions. If untrusted input is allowed to determine the path parameter passed to these functions it is possible to influence which local file will be included. It should be noted that the included file need not be an actual PHP file; any included file that is capable of carrying textual data (e.g. almost anything) is allowed. -The path parameter may also be vulnerable to a Directory Traversal or Remote File Inclusion. Using the ../ or ..\ (dot-dot-slash) string in a path allows an attacker to navigate to almost any file accessible to the PHP process. The above functions will also accept a URL in PHP's default configuration unless XXX is disabled. +The path parameter may also be vulnerable to a Directory Traversal or Remote File Inclusion. Using the ../ or ..\ (dot-dot-slash) string in a path allows an attacker to navigate to almost any file accessible to the PHP process. The above functions will also accept a URL in PHP's default configuration unless allow_url_include is disabled. Evaluation ^^^^^^^^^^ 
@@ -27,7 +27,7 @@ PHP's eval() function accepts a string of PHP code to be executed. Regular Expression Injection ^^^^^^^^^^^^^^^^^^^^^^^^^^^^ -The PCRE function preg_replace() function in PHP allows for an "e" (PREG_REPLACE_EVAL) modifier which means the replacement string will be evaluated as PHP after subsitution. Untrusted input used in the replacement string could therefore inject PHP code to be executed. +The PCRE function preg_replace() function in PHP allows for an "e" (PREG_REPLACE_EVAL) modifier which means the replacement string will be evaluated as PHP after subsitution. Untrusted input used in the replacement string could therefore inject PHP code to be executed. Protection against regular expression injection is provided by PHP's preg_quote function.a Flawed File Inclusion Logic ^^^^^^^^^^^^^^^^^^^^^^^^^^^ @@ -45,4 +45,4 @@ Goals of Code Injection The goal of a Code Injection is extremely broad since it allows the execution of any PHP code of the attacker's choosing. Defenses against Code Injection -------------------------------- \ No newline at end of file +-------------------------------
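Review bot: In the File Inclusion hunk (@@ -17,7 +17,7), the new sentence "will also accept a URL in PHP's default configuration unless allow_url_include is disabled" contradicts itself, because allow_url_include is off by default. Remote inclusion needs it to be switched on, together with allow_url_fopen. Suggest rewording along the lines of "The above functions will also accept a URL if allow_url_include is enabled", and dropping "in PHP's default configuration".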
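Review bot: In the Regular Expression Injection hunk (@@ -27,7 +27,7), the added sentence about preg_quote does not address the problem the paragraph describes. The paragraph places the risk in the replacement string that the "e" modifier evaluates as PHP. preg_quote only escapes regular expression metacharacters for use in a pattern, so it does not neutralise code in the replacement. Suggest recommending that the "e" modifier be avoided in favour of preg_replace_callback(), and limiting the preg_quote remark to untrusted input placed in the pattern. The added line also ends with a stray "a" after the full stop ("preg_quote function.a"). While this line is being touched, "subsitution" and the doubled "The PCRE function preg_replace() function" could be fixed as well.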
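Review bot: In the last hunk (@@ -45,4 +45,4), "Defenses against Code Injection" is still a bare heading with nothing under it at the end of the file, while this patch adds mitigation advice inside the attack descriptions above. Suggest moving the mitigation sentences under this heading or adding at least a short placeholder paragraph, so the section is not rendered empty. If the underline change is only a length fix for the RST title, it would be worth saying so in the commit message.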