我正在开发一个网站,用户可以注册和访问他们的帐户,当用户连接时,我使用序列化和base64编码将用户对象保存在cookie中。它运行得很好,突然PHP脚本不想创建cookie。我的PHP脚本是:
/**
* Function that creates a cookie from an User object
* @param User $user User object to be stored in the cookie
* @param int $timeout Lifetime of the cookie (0 if should be destroyed when the nav
在消除脆弱性方面:
Stack-based buffer overflow in the socket_connect function in ext/sockets/sockets.c
in PHP 5.3.3 through 5.3.6 might allow context-dependent attackers to execute
arbitrary code via a long pathname for a UNIX socket.
我可以看到这可能是一个本地问题,但攻击者如何可能远程利用这一漏洞?
编辑:
确切漏洞:http://www.securityfocus.com/
在我的Apache错误日志中,我每天都会看到下面的PHP错误。
[Wed Dec 26 01:31:33.736040 2018] [php7:error] [pid 14965] [client 129.204.75.228:62753] script '/var/www/html/help.php' not found or unable to stat
[Wed Dec 26 01:31:33.968964 2018] [php7:error] [pid 14965] [client 129.204.75.228:62753] script '/var/www/h