问题描述
几年前,我在 C 中艰难地了解了格式化字符串攻击.现在,我最近看到了一些这样的 PHP 代码:
A few years ago, I learned about Format String Attacks in C the hard way. Now, I recently saw some PHP code like this:
<?php
echo sprintf($_GET['format'], $_GET['value1'], $_GET['value2']);
我尝试将 $_GET['format']
设置为像 %s%s%s...
这样的字符串来运行它,但 PHP 只存在于PHP 警告:sprintf():file.php 第 2 行的参数太少
.不是仍然可以进行格式字符串攻击吗?
I tried run this like this with $_GET['format']
set to strings like %s%s%s...
, but PHP just exists with PHP Warning: sprintf(): Too few arguments in file.php on line 2
. Isn't it still possible to do a format string attack?
推荐答案
不是传统意义上的 PHP 的 sprintf
不支持任何真正危险的转换,如 %n
.用户控制的格式字符串仍然会造成一些有限的破坏(考虑 %99999999s
),但我认为最坏的情况是消耗内存和时间.
Not in any traditional sense, as PHP's sprintf
doesn't support any of the really dangerous conversions like %n
. A user-controlled format string can still cause some limited havoc (consider %99999999s
), but about the worst I think it could do would be to consume memory and time.
这篇关于PHP sprintf 认为有害吗?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持!