A method has been published for bypassing, in the PHP interpreter, the restrictions set with the disable_functions directive and other settings in php.ini. Recall that the disable_functions directive makes it possible to prohibit the use of certain internal functions in scripts; for example, you can disable "system, exec, passthru, popen, proc_open and shell_exec" to block calls to external programs, or to prevent files from being opened.
Notably, the proposed exploit uses a vulnerability that was reported to the PHP developers more than 10 years ago, but was treated as a minor issue with no security consequences. The proposed attack method relies on changing parameter values in process memory and works in all current PHP releases, starting with PHP 7.0 (the attack is also possible on PHP 5.x, but requires changes to the exploit). The exploit has been tested on various configurations of Debian, Ubuntu, CentOS and FreeBSD with PHP running as cli, fpm and an apache2 module.
Source: opennet.ru
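A configuration check for the disable_functions setting described above, as an added example that is not part of the original article: it reads php.ini text and reports which of the process-execution functions the article names are still enabled. `SAMPLE_INI` and the helper names are constructed for illustration, and the parser assumes the last active assignment in the file is the one that applies.

```python
# Added example: audit php.ini text for the process-execution functions
# that the article lists. SAMPLE_INI below is constructed, not from a real host.
EXEC_FUNCS = ("system", "exec", "passthru", "popen", "proc_open", "shell_exec")

SAMPLE_INI = """\
[PHP]
; constructed sample: the complete list is commented out, the active one is partial
;disable_functions = system,exec,passthru,popen,proc_open,shell_exec
disable_functions = "system, exec ,passthru"
memory_limit = 128M
"""


def disabled_functions(ini_text):
    """Return the names on the last active disable_functions line."""
    value = ""
    for raw in ini_text.splitlines():
        line = raw.strip()
        if not line or line[0] in ";[":
            continue  # blank line, ';' comment or [section] header
        key, sep, val = line.partition("=")
        # Directive names are matched exactly as written (case-sensitive).
        if sep and key.strip() == "disable_functions":
            val = val.split(";", 1)[0].strip()  # drop a trailing comment
            value = val.strip("\"'")            # assumption: last line wins
    # Commas and spaces both separate names in the list.
    return set(value.replace(",", " ").split())


def missing_exec_functions(ini_text):
    """List the article-named functions the configuration leaves enabled."""
    disabled = disabled_functions(ini_text)
    return [name for name in EXEC_FUNCS if name not in disabled]


if __name__ == "__main__":
    gaps = missing_exec_functions(SAMPLE_INI)
    print("still callable:", ", ".join(gaps) or "none")
```

Because the article reports that these restrictions can be bypassed, an empty result only confirms that the setting is present in the file.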
