{"id":478428,"date":"2023-08-09T09:32:44","date_gmt":"2023-08-09T09:32:44","guid":{"rendered":""},"modified":"2023-09-05T11:16:46","modified_gmt":"2023-09-05T11:16:46","slug":"php-injection","status":"publish","type":"wiki","link":"https:\/\/oneproxy.pro\/jp\/wiki\/php-injection\/","title":{"rendered":"PHP Injection"},"content":{"rendered":"<p>PHP injection, also called PHP code injection or PHP remote code execution, is a security vulnerability that affects web applications built with the PHP (Hypertext Preprocessor) programming language. It allows a malicious attacker to insert and execute arbitrary PHP code on the target server, which can lead to unauthorized access, data theft, and complete compromise of the application.<\/p>\n<h2>The history of the origin of PHP injection and its first mention.<\/h2>\n<p>The concept of PHP injection emerged in the early 2000s, when PHP came into widespread use as a server-side 
scripting language for web development. The first notable mention of PHP injection was around 2002, when security researchers discovered a vulnerability in PHP-Nuke, a popular content management system at the time. This incident raised awareness of the potential risks of PHP code injection and sparked discussion within the web development community.<\/p>\n<h2>Detailed information about PHP injection. Expanding the topic of PHP injection.<\/h2>\n<p>PHP injection is caused by improper handling of user input within a PHP application. When a web application does not properly validate or sanitize user-supplied data, an attacker may be able to craft malicious input that the server then executes as PHP 
code. The main causes of PHP injection are:<\/p>\n<ol>\n<li>\n<p><strong>Mishandling of user input:<\/strong> Failing to validate and sanitize user input such as form data, URL parameters, and cookies can leave room for an attacker to insert malicious PHP code.<\/p>\n<\/li>\n<li>\n<p><strong>Database queries:<\/strong> Improper use of database queries, especially dynamic queries built by concatenating user input into SQL statements, creates SQL injection vulnerabilities that can in turn lead to PHP injection.<\/p>\n<\/li>\n<li>\n<p><strong>File inclusion vulnerabilities:<\/strong> If a PHP 
application includes files based on user-specified input without proper validation, an attacker can abuse this to include a malicious PHP file and execute arbitrary code.<\/p>\n<\/li>\n<\/ol>\n<h2>The internal structure of PHP injection. How PHP injection works.<\/h2>\n<p>PHP injection exploits the dynamic nature of PHP, which allows code to be executed at runtime. The PHP injection process can be broken down into the following steps:<\/p>\n<ol>\n<li>\n<p><strong>User input:<\/strong><\/p>\n<ul>\n<li>The attacker identifies places within the web application where user input is processed without proper validation.<\/li>\n<li>Common entry points include web forms, URL parameters, HTTP headers, and 
cookies.<\/li>\n<\/ul>\n<\/li>\n<li>\n<p><strong>Malicious payload:<\/strong><\/p>\n<ul>\n<li>The attacker crafts a malicious payload containing PHP code to be executed on the server.<\/li>\n<li>The payload may be encoded or obfuscated to evade detection.<\/li>\n<\/ul>\n<\/li>\n<li>\n<p><strong>Code execution:<\/strong><\/p>\n<ul>\n<li>The crafted payload is injected into the vulnerable entry point.<\/li>\n<li>The server treats the injected code as legitimate PHP code and executes it at runtime.<\/li>\n<\/ul>\n<\/li>\n<\/ol>\n<h2>Analysis of the key features of PHP injection.<\/h2>\n<p>PHP injection has several key features that make it a serious threat to web applications:<\/p>\n<ol>\n<li>\n<p><strong>Remote code execution:<\/strong> PHP injection allows an attacker to execute arbitrary PHP code remotely and take control of the application 
server.<\/p>\n<\/li>\n<li>\n<p><strong>Data manipulation:<\/strong> An attacker may manipulate, read, or delete data stored in the application's database, potentially leading to data breaches and loss of confidential information.<\/p>\n<\/li>\n<li>\n<p><strong>Application compromise:<\/strong> A successful PHP injection can completely compromise the application, giving the attacker unauthorized access and the ability to carry out a variety of malicious activities.<\/p>\n<\/li>\n<li>\n<p><strong>Cross-site scripting (XSS) vector:<\/strong> PHP injection can serve as a vector for cross-site scripting attacks when the injected code is reflected to other users.<\/p>\n<\/li>\n<\/ol>\n<h2>Types of PHP injection and examples:<\/h2>\n<p>There are several types of PHP 
injection, each with its own characteristics and methods of abuse. Some common types are shown below:<\/p>\n<table>\n<thead>\n<tr>\n<th>Type<\/th>\n<th>Description<\/th>\n<th>Example<\/th>\n<\/tr>\n<\/thead>\n<tbody>\n<tr>\n<td><strong>GET\/POST parameter injection<\/strong><\/td>\n<td>Occurs when malicious PHP code is injected into the application through GET or POST parameters.<\/td>\n<td><code data-no-translation=\"\">http:\/\/example.com\/page.php?id=1' UNION SELECT null, username, password FROM users--<\/code><\/td>\n<\/tr>\n<tr>\n<td><strong>SQL injection-based PHP injection<\/strong><\/td>\n<td>Occurs when a SQL injection vulnerability leads to PHP code injection.<\/td>\n<td><code data-no-translation=\"\">username=admin'; DELETE FROM users;--<\/code><\/td>\n<\/tr>\n<tr>\n<td><strong>Command injection<\/strong><\/td>\n<td>Executes arbitrary shell commands on the server through PHP code injection.<\/td>\n<td><code data-no-translation=\"\">system('rm -rf 
\/');<\/code><\/td>\n<\/tr>\n<tr>\n<td><strong>File inclusion-based PHP injection<\/strong><\/td>\n<td>Abuses a file inclusion vulnerability to execute PHP code from an external file.<\/td>\n<td><code data-no-translation=\"\">http:\/\/example.com\/page.php?file=evil.php<\/code><\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<h2>Ways to use PHP injection, problems related to its use, and their solutions.<\/h2>\n<h3>Abuse of PHP injection:<\/h3>\n<ol>\n<li>\n<p><strong>Authentication bypass:<\/strong> An attacker may inject PHP code to bypass login mechanisms, gaining unauthorized access to restricted areas.<\/p>\n<\/li>\n<li>\n<p><strong>Data theft:<\/strong> By exploiting PHP injection, an attacker can extract confidential data from the application or a connected database.<\/p>\n<\/li>\n<li>\n<p><strong>Website defacement:<\/strong> Injected PHP code may alter a 
website's content, defacing it or displaying inappropriate content.<\/p>\n<\/li>\n<\/ol>\n<h3>Problems and solutions:<\/h3>\n<ol>\n<li>\n<p><strong>Insufficient input validation:<\/strong> Implement robust input validation and filtering to prevent unapproved characters from being processed.<\/p>\n<\/li>\n<li>\n<p><strong>Prepared statements:<\/strong> Use prepared statements or parameterized queries to avoid SQL injection that could lead to PHP injection.<\/p>\n<\/li>\n<li>\n<p><strong>Output escaping:<\/strong> Always escape output before displaying it to users in order to prevent XSS and reduce the risk of PHP 
injection.<\/p>\n<\/li>\n<\/ol>\n<h2>Main characteristics and comparison with other similar terms, in the form of tables and lists.<\/h2>\n<table>\n<thead>\n<tr>\n<th>Characteristic<\/th>\n<th>PHP injection<\/th>\n<th>Cross-site scripting (XSS)<\/th>\n<th>SQL injection<\/th>\n<\/tr>\n<\/thead>\n<tbody>\n<tr>\n<td><strong>Objective<\/strong><\/td>\n<td>Execute PHP code remotely<\/td>\n<td>Execute client-side scripts in the user's browser<\/td>\n<td>Manipulate SQL queries to the database<\/td>\n<\/tr>\n<tr>\n<td><strong>Affected component<\/strong><\/td>\n<td>Server-side PHP code<\/td>\n<td>Client-side JavaScript<\/td>\n<td>Database queries<\/td>\n<\/tr>\n<tr>\n<td><strong>Execution location<\/strong><\/td>\n<td>Server<\/td>\n<td>User's browser<\/td>\n<td>Server<\/td>\n<\/tr>\n<tr>\n<td><strong>Exploitation point<\/strong><\/td>\n<td>User input (GET\/POST)<\/td>\n<td>User input 
(forms, etc.)<\/td>\n<td>User input (forms, etc.)<\/td>\n<\/tr>\n<tr>\n<td><strong>Impact<\/strong><\/td>\n<td>Server compromise<\/td>\n<td>Leakage of user data<\/td>\n<td>Database manipulation<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<h2>Future perspectives and technologies related to PHP injection.<\/h2>\n<p>As technology advances, so do the techniques used to exploit vulnerabilities such as PHP injection. To counter this threat, developers and security professionals must remain vigilant and adopt best practices:<\/p>\n<ol>\n<li>\n<p><strong>Automated code analysis:<\/strong> Automated code analysis tools help identify potential vulnerabilities such as PHP injection.<\/p>\n<\/li>\n<li>\n<p><strong>Security audits and penetration testing:<\/strong> Regular security audits and penetration tests reveal weaknesses in web 
applications and allow preventive measures to be taken.<\/p>\n<\/li>\n<li>\n<p><strong>Secure development frameworks:<\/strong> Adopting secure development frameworks with built-in security features can reduce the risk of PHP injection.<\/p>\n<\/li>\n<\/ol>\n<h2>How proxy servers can be used or associated with PHP injection.<\/h2>\n<p>A proxy server acts as an intermediary between client and server, providing users with an additional layer of anonymity and security. In the context of PHP injection, proxy servers can be both an enabler and an obstacle:<\/p>\n<ol>\n<li>\n<p><strong>Hiding the attacker's identity:<\/strong> An attacker may use a proxy server to hide their real IP 
address when attempting a PHP injection attack, making their location harder to trace.<\/p>\n<\/li>\n<li>\n<p><strong>Security and monitoring:<\/strong> Website administrators can use proxy servers to strengthen security by filtering and monitoring incoming traffic, and can detect and block PHP injection attempts.<\/p>\n<\/li>\n<\/ol>\n<h2>Related links<\/h2>\n<p>For more information about PHP injection and web application security, see the following resources:<\/p>\n<ol>\n<li><a href=\"https:\/\/owasp.org\/www-community\/attacks\/PHP_Injection\" target=\"_new\" rel=\"noopener nofollow\">OWASP PHP Security Cheat Sheet<\/a><\/li>\n<li><a href=\"https:\/\/www.php.net\/\" target=\"_new\" rel=\"noopener nofollow\">PHP official site<\/a><\/li>\n<li><a href=\"https:\/\/www.acunetix.com\/blog\/articles\/understanding-php-injection\/\" target=\"_new\" rel=\"noopener nofollow\">Acunetix \u2013 Understanding PHP Injection<\/a><\/li>\n<li><a href=\"https:\/\/www.w3schools.com\/php\/\" target=\"_new\" rel=\"noopener nofollow\">W3Schools PHP Tutorial<\/a><\/li>\n<li><a 
href=\"https:\/\/developer.mozilla.org\/en-US\/docs\/Web\/PHP\" target=\"_new\" rel=\"noopener nofollow\">Mozilla Developer Network PHP Guide<\/a><\/li>\n<\/ol>\n<p>Remember that staying informed and practicing secure coding are essential to protecting web applications from PHP injection and other security threats.<\/p>","protected":false},"featured_media":478429,"menu_order":0,"template":"","meta":{"_acf_changed":false,"content-type":"","inline_featured_image":false,"footnotes":""},"class_list":["post-478428","wiki","type-wiki","status-publish","has-post-thumbnail","hentry"],"acf":{"faq_title":"Frequently Asked Questions about <mark>PHP Injection: A Comprehensive Overview<\/mark>","faq_items":[{"question":"What is PHP injection, and why is it a concern for web applications?","answer":"<p>PHP injection, also known as PHP code injection, is a security vulnerability that allows attackers to insert and execute arbitrary PHP code on a web application's server. It poses a serious threat as it can lead to unauthorized access, data theft, and even complete compromise of the application.<\/p>"},{"question":"How did PHP injection originate, and when was it first mentioned?","answer":"<p>PHP injection emerged in the early 2000s with the rise of PHP as a popular server-side scripting language. 
The first notable mention occurred around 2002 when security researchers discovered a vulnerability in PHP-Nuke, a widely-used content management system.<\/p>"},{"question":"What causes PHP injection, and how does it work internally?","answer":"<p>PHP injection occurs when web applications mishandle user input, especially when it lacks proper validation or sanitization. Attackers inject malicious PHP code through vulnerable entry points, and the server executes it as legitimate PHP code during runtime.<\/p>"},{"question":"What are the main characteristics of PHP injection, and how does it compare to XSS and SQL injection?","answer":"<p>PHP injection allows remote code execution on the server, impacting the application's integrity. In comparison, Cross-Site Scripting (XSS) executes scripts on users' browsers, and SQL injection manipulates database queries to extract data. Each poses unique risks and requires specific prevention measures.<\/p>"},{"question":"What types of PHP injection exist, and can you provide examples?","answer":"<p>Several types of PHP injection include GET\/POST Parameter Injection, SQL Injection-based PHP Injection, Command Injection, and File Inclusion-based PHP Injection. For example, an attacker might exploit a GET parameter to inject malicious SQL code and execute arbitrary commands on the server.<\/p>"},{"question":"How can PHP injection be used, and what are the associated problems and solutions?","answer":"<p>Attackers can use PHP injection to bypass authentication, steal data, and deface websites. 
To prevent PHP injection, developers should implement robust input validation, use prepared statements for database queries, and escape output before displaying it to users.<\/p>"},{"question":"What are the future perspectives and technologies related to PHP injection?","answer":"<p>As technology advances, automated code analysis, security audits, and secure development frameworks will play crucial roles in mitigating PHP injection risks and enhancing web application security.<\/p>"},{"question":"How are proxy servers related to PHP injection, and what role do they play?","answer":"<p>Proxy servers can both facilitate and hinder PHP injection. Attackers might use proxy servers to hide their identities during attacks, while website administrators can employ proxies to filter and monitor incoming traffic, detecting and blocking potential PHP injection attempts.<\/p>"}]},"_links":{"self":[{"href":"https:\/\/oneproxy.pro\/jp\/wp-json\/wp\/v2\/wiki\/478428","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/oneproxy.pro\/jp\/wp-json\/wp\/v2\/wiki"}],"about":[{"href":"https:\/\/oneproxy.pro\/jp\/wp-json\/wp\/v2\/types\/wiki"}],"version-history":[{"count":0,"href":"https:\/\/oneproxy.pro\/jp\/wp-json\/wp\/v2\/wiki\/478428\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/oneproxy.pro\/jp\/wp-json\/wp\/v2\/media\/478429"}],"wp:attachment":[{"href":"https:\/\/oneproxy.pro\/jp\/wp-json\/wp\/v2\/media?parent=478428"}],"curies":[{"name":"\u3046\u30fc\u3093","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}