A vulnerability in PHP that allows bypassing restrictions set in php.ini

A method has been published for bypassing, in the PHP interpreter, the restrictions defined with the disable_functions directive and other settings in php.ini. Recall that the disable_functions directive makes it possible to prohibit the use of certain internal functions in scripts; for example, you can disable "system, exec, passthru, popen, proc_open and shell_exec" to block calls to external programs, or to prevent files from being opened.
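As an added example (not part of the original article), the following Python audit reads php.ini text and reports which of the process-execution functions listed above are not covered by disable_functions. The names `EXEC_FUNCTIONS`, `parse_disable_functions`, `missing_exec_restrictions` and the sample php.ini are constructed for illustration; matching entries exactly as written is a conservative assumption of this example.

```python
import re

# Process-execution functions named in the article.
EXEC_FUNCTIONS = ("system", "exec", "passthru", "popen", "proc_open", "shell_exec")

# Constructed sample php.ini (not taken from a real host).
SAMPLE_INI = """\
[PHP]
; hardening from an older template, commented out by mistake
;disable_functions = system,exec,passthru,popen,proc_open,shell_exec
disable_functions = system, exec ,passthru
memory_limit = 128M
"""


def parse_disable_functions(ini_text):
    """Return the set of names in the effective disable_functions value.

    A later assignment replaces an earlier one, so the last uncommented
    line is the one that counts.
    """
    disabled = set()
    for raw in ini_text.splitlines():
        line = raw.split(";", 1)[0].strip()  # ';' starts a php.ini comment
        match = re.match(r"disable_functions\s*=\s*(.*)$", line)
        if match:
            value = match.group(1).strip().strip("\"'")
            # Names are kept exactly as written (assumption: a mixed-case
            # entry is treated as not covering the lowercase function).
            disabled = {name.strip() for name in value.split(",") if name.strip()}
    return disabled


def missing_exec_restrictions(ini_text):
    """List the article's process-execution functions that stay callable."""
    disabled = parse_disable_functions(ini_text)
    return [name for name in EXEC_FUNCTIONS if name not in disabled]


if __name__ == "__main__":
    for name in missing_exec_restrictions(SAMPLE_INI):
        print(f"not disabled: {name}")
```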

It is noteworthy that the proposed exploit uses a vulnerability that was reported to the PHP developers more than 10 years ago, but they treated it as a minor problem with no security impact. The proposed attack method is based on changing parameter values in the process memory and works in all current PHP releases, starting with PHP 7.0 (the attack is also possible on PHP 5.x, but this requires changes to the exploit). The exploit has been tested on various configurations of Debian, Ubuntu, CentOS and FreeBSD with PHP running as cli, fpm and the apache2 module.

Source: opennet.ru
