├── PHP弱类型
    └── 常见函数
├── README.md
├── SSRF
    └── 常见函数
├── URL重定向
    ├── Javascript跳转
    │   └── 常见关键字
    ├── META标签内跳转
    │   └── 常见关键字
    └── header头跳转
    │   └── 常见关键字
├── XSS
    └── 常见定位函数
├── XXE
    └── 常见函数
├── php反序列化
    ├── Session反序列化漏洞
    │   └── poc
    ├── phar伪协议触发反序列化
    │   └── poc
    ├── 常见函数
    └── 魔法函数绕过
    │   └── poc
├── 变量覆盖
    └── 常见函数
├── 命令执行
    └── 常见函数
├── 文件删除
    └── 常见函数
├── 文件包含
    ├── 常见文件读取函数
    ├── 本地文件包含
    │   └── 常用函数
    └── 远程文件包含
    │   └── 前置条件
└── 认证缺陷
    ├── Cookie
    └── Session
        └── Session会话认证漏洞
            └── poc


/PHP弱类型/常见函数:
--------------------------------------------------------------------------------
 1 | extract()
 2 | strcmp()
 3 | urldecode()
 4 | md5()
 5 | ereg()
 6 | empty()
 7 | isset()
 8 | is_numeric()
 9 | in_array()
10 | array_search()
11 | switch()
12 | strpos()
13 | 比较运算符
14 | 


--------------------------------------------------------------------------------
/README.md:
--------------------------------------------------------------------------------
1 | # --php
2 | 代码审计知识点整理-php
3 | 


--------------------------------------------------------------------------------
/SSRF/常见函数:
--------------------------------------------------------------------------------
1 | curl()
2 | file_get_contents()
3 | fsockopen/fopen()
4 | 


--------------------------------------------------------------------------------
/URL重定向/Javascript跳转/常见关键字:
--------------------------------------------------------------------------------
1 | window.location.href 
2 | self.location 
3 | top.location 
4 | window.navigate #只对IE系列浏览器有效
5 | 


--------------------------------------------------------------------------------
/URL重定向/META标签内跳转/常见关键字:
--------------------------------------------------------------------------------
1 | ~
2 | <meta http-equiv ... url
3 | 


--------------------------------------------------------------------------------
/URL重定向/header头跳转/常见关键字:
--------------------------------------------------------------------------------
1 | header("Location:
2 | 


--------------------------------------------------------------------------------
/XSS/常见定位函数:
--------------------------------------------------------------------------------
1 | print
2 | print_r
3 | echo
4 | printf
5 | sprintf
6 | die
7 | var_dump
8 | var_export
9 | 


--------------------------------------------------------------------------------
/XXE/常见函数:
--------------------------------------------------------------------------------
1 | simplexml_load_string
2 | 


--------------------------------------------------------------------------------
/php反序列化/Session反序列化漏洞/poc:
--------------------------------------------------------------------------------
1 | ~
2 | 


--------------------------------------------------------------------------------
/php反序列化/phar伪协议触发反序列化/poc:
--------------------------------------------------------------------------------
1 | ~
2 | 


--------------------------------------------------------------------------------
/php反序列化/常见函数:
--------------------------------------------------------------------------------
 1 | _construct() _destruct()
 2 | _call() _callStatic()
 3 | _get() _set()
 4 | _isset() unset()
 5 | _sleep() _wakeup()
 6 | _toString() _invoke()
 7 | _set_state()
 8 | _clone()
 9 | _debutinfo()
10 | 


--------------------------------------------------------------------------------
/php反序列化/魔法函数绕过/poc:
--------------------------------------------------------------------------------
1 | ~
2 | 


--------------------------------------------------------------------------------
/变量覆盖/常见函数:
--------------------------------------------------------------------------------
1 | $$
2 | extract()
3 | parse_str()
4 | import_request_variables()
5 | 


--------------------------------------------------------------------------------
/命令执行/常见函数:
--------------------------------------------------------------------------------
1 | exec()
2 | system()
3 | popen()
4 | passthru()
5 | proc_open()
6 | pcntl_exec()
7 | shell_exec() 
8 | 


--------------------------------------------------------------------------------
/文件删除/常见函数:
--------------------------------------------------------------------------------
1 | unlink()
2 | 


--------------------------------------------------------------------------------
/文件包含/常见文件读取函数:
--------------------------------------------------------------------------------
 1 | fopen()
 2 | fiel_get_contents()
 3 | fread
 4 | fgets
 5 | fgetss
 6 | file
 7 | fpassthru
 8 | parse_ini_file
 9 | readfile
10 | 


--------------------------------------------------------------------------------
/文件包含/本地文件包含/常用函数:
--------------------------------------------------------------------------------
1 | require()
2 | require_once()
3 | include()
4 | include_once()
5 | 


--------------------------------------------------------------------------------
/文件包含/远程文件包含/前置条件:
--------------------------------------------------------------------------------
1 | allow_url_include=off
2 | all_url_open=on
3 | 


--------------------------------------------------------------------------------
/认证缺陷/Cookie:
--------------------------------------------------------------------------------
1 | ~
2 | 


--------------------------------------------------------------------------------
/认证缺陷/Session/Session会话认证漏洞/poc:
--------------------------------------------------------------------------------
1 | ~
2 | 


--------------------------------------------------------------------------------