PHP dangerous functions & PHP code auditing
1.eval()
The eval() function is used for evaluating a string as PHP. For example:
<?php
$name = 'Chris';
$string = 'echo "Hello, $name";';
eval($string);
?>
2. exec()
Try to avoid using shell command functions, but when you require them, be sure to use only filtered, escaped data in the construction of the
command to be executed:
<?php
$clean = array();
$shell = array();
/* Filter Input ($command, $argument) */
$shell['command'] = escapeshellcmd($clean['command']);
$shell['argument'] = escapeshellarg($clean['argument']);
$last = exec("{$shell['command']} {$shell['argument']}", $output, $return);
?>
3. file(); when allow_url_fopen = On, file() can read remote files, which makes it dangerous
$content=file('http://www.baidu.com');
print_r($content);
4. file_get_contents; same as above
5. fopen; same as above
<?php
// Remote URL: fopen() only opens it when allow_url_fopen = On; the mode argument is required
$content = fopen('http://www.baidu.com', 'r');
if ($content === false) {
    exit('open failed');
}
while (!feof($content)) {
    echo fgets($content, 1024);
}
fclose($content);
6.include
As described in Chapter 5, the use of include is common and necessary for an organized and modular software design. However, improper
use of include can create one of the most drastic security vulnerabilities: code injection.
It is extremely important that you use only filtered data in an include statement. This function is a good candidate for inspection during a
7. passthru, popen, proc_open, shell_exec, system => see exec
8. phpinfo(); leaks too much information; if database information is stored in httpd.conf, disable this function
9. preg_replace;
Details at http://www.76423.com/posts/128.html
The /e modifier causes the replacement string to be parsed and executed as PHP
<?php
// With /e the replacement ($_GET["h"]) is evaluated as PHP code on every match
echo preg_replace("/test/e", $_GET["h"], "just test");
Malicious URL:
10. readfile => see file
11. require => see include
12:
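A small code-audit helper added here as an example (not the page's own code): it scans PHP source for the function families listed above, flags preg_replace patterns carrying the /e modifier, and marks sinks whose argument list contains a request superglobal. The regex-based matching and the SAMPLE input are constructed for illustration and are no substitute for a tokenizer-based audit.

```python
import re

# Function families from the page's list; the remote-read group is only dangerous when allow_url_fopen=On.
FAMILIES = {
    "code execution": {"eval"},
    "shell command": {"exec", "passthru", "popen", "proc_open", "shell_exec", "system"},
    "remote file read (allow_url_fopen=On)": {"file", "file_get_contents", "fopen", "readfile"},
    "information leak": {"phpinfo"},
    "file inclusion": {"include", "include_once", "require", "require_once"},
}
NAME_TO_FAMILY = {fn: fam for fam, fns in FAMILIES.items() for fn in fns}
# Bare function name followed by "(" or, for include/require, by a string or variable;
# the lookbehind skips method calls ("->exec(") and variable functions ("$exec(").
CALL_RE = re.compile(r"(?<![\w$>])(?P<name>[A-Za-z_]\w*)(?:\s*\(|\s+(?=['\"$]))")
# A request superglobal in the argument list means user input reaches the sink directly.
TAINT_RE = re.compile(r"\$_(GET|POST|REQUEST|COOKIE)\b")
# preg_replace whose first argument is a literal pattern; captures the pattern body.
PREG_RE = re.compile(r"""(?<![\w$>])preg_replace\s*\(\s*(['"])(?P<pat>.*?)\1""")

def preg_has_e_modifier(pattern):
    """True if a PCRE literal such as '/test/e' carries the /e modifier (same-char delimiters only)."""
    end = pattern.rfind(pattern[0]) if pattern else -1
    return end > 0 and "e" in pattern[end + 1:]

def audit_php(source):
    """Return (line, function, family, tainted) tuples for calls to the page's dangerous functions."""
    findings = []
    for lineno, line in enumerate(source.splitlines(), start=1):
        if line.lstrip().startswith(("//", "#", "*", "/*")):
            continue  # crude comment skipping; a real auditor would walk token_get_all() output
        for m in CALL_RE.finditer(line):
            name = m.group("name")
            if name in NAME_TO_FAMILY:
                args = line[m.end():].split(";", 1)[0]
                findings.append((lineno, name, NAME_TO_FAMILY[name], bool(TAINT_RE.search(args))))
        pm = PREG_RE.search(line)
        if pm and preg_has_e_modifier(pm.group("pat")):
            args = line[pm.end():].split(";", 1)[0]
            findings.append((lineno, "preg_replace", "code execution (/e modifier)", bool(TAINT_RE.search(args))))
    return findings

# Constructed sample: the page's own snippets plus a harmless preg_replace and a method call.
SAMPLE = r'''<?php
eval($string);
$last = exec("{$shell['command']} {$shell['argument']}", $output, $return);
$content = file('http://www.baidu.com');
include $_GET['page'] . '.php';
echo preg_replace("/test/e", $_GET["h"], "just test");
$safe = preg_replace("/test/i", "ok", "x"); $obj->exec("not a builtin");
'''
```

Run `audit_php(SAMPLE)` to list the five findings; the /i pattern and the method call on the last line are correctly left alone.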