[
  {
    "path": "README.md",
    "content": "# Beginner's Guide to PHP Code Auditing\nhttps://www.yuque.com/burpheart/phpaudit\n\n### Author\n\n白帽酱 (橙子酱) (i@rce.moe)\n\n### Introduction\n\nThis guide collects some techniques I put together while learning, along with my understanding of various vulnerabilities.\n\nThis guide is still being written and improved.\n\nIf you find anything missing or incorrect, feel free to open an issue.\n\n\n## Table of contents:\n* [Beginner's Guide to PHP Code Auditing](https://www.yuque.com/burpheart/phpaudit/readme)\n* [Preface](https://www.yuque.com/burpheart/phpaudit/xu-yan)\n* PHP auditing basics\n  * [⚒ Tool preparation](https://www.yuque.com/burpheart/phpaudit/php-shen-ji-ji-chu_gong-ju-zhun-bei)\n  * [PHP code auditing approach](https://www.yuque.com/burpheart/phpaudit/php-shen-ji-ji-chu_php-shen-ji-liu-cheng)\n  * [Common VS Code keyboard shortcuts](https://www.yuque.com/burpheart/phpaudit/php-shen-ji-ji-chu_vs-code-shen-ji-ji-qiao)\n  * [💉 PHP user-controllable input cheat sheet](https://www.yuque.com/burpheart/phpaudit/php-shen-ji-ji-chu_yong-hu-ke-kong-shu-ru-su-cha-biao)\n  * [🧬 PHP sensitive function cheat sheet](https://www.yuque.com/burpheart/phpaudit/php-shen-ji-ji-chu_cui-ruo-han-shu-su-cha-biao)\n  * [🩹 PHP native filtering methods](https://www.yuque.com/burpheart/phpaudit/php-shen-ji-ji-chu_php-yuan-sheng-guo-lv-han-shu)\n  * [PHP dynamic debugging: Xdebug installation and configuration](https://www.yuque.com/burpheart/phpaudit/php-shen-ji-ji-chu_php-dong-tai-tiao-shi-xdebug-an-zhuang-pei-zhi)\n* Common PHP vulnerabilities\n  * [Command injection](https://www.yuque.com/burpheart/phpaudit/php-chang-jian-lou-dong_page-11)\n  * [Code injection](https://www.yuque.com/burpheart/phpaudit/php-chang-jian-lou-dong_dai-ma-zhu-ru)\n  * [File inclusion](https://www.yuque.com/burpheart/phpaudit/php-chang-jian-lou-dong_wen-jian-bao-han)\n  * [SQL injection](https://www.yuque.com/burpheart/phpaudit/php-chang-jian-lou-dong_sql-zhu-ru)\n  * [File operations](https://www.yuque.com/burpheart/phpaudit/php-chang-jian-lou-dong_wen-jian-cao-zuo)\n  * [XSS](https://www.yuque.com/burpheart/phpaudit/php-chang-jian-lou-dong_xss)\n  * [SSRF](https://www.yuque.com/burpheart/phpaudit/php-chang-jian-lou-dong_ssrf)\n  * [CSRF](https://www.yuque.com/burpheart/phpaudit/php-chang-jian-lou-dong_csrf)\n  * [XXE](https://www.yuque.com/burpheart/phpaudit/php-chang-jian-lou-dong_xxe)\n  * [Deserialization](https://www.yuque.com/burpheart/phpaudit/php-chang-jian-lou-dong_fan-xu-lie-hua)\n  * [LDAP injection](https://www.yuque.com/burpheart/phpaudit/php-chang-jian-lou-dong_ldap-zhu-ru)\n  * [Other vulnerabilities](https://www.yuque.com/burpheart/phpaudit/php-chang-jian-lou-dong_qi-ta-lou-dong)\n* Common PHP frameworks\n  * [TODO]\n  * [Thinkphp](https://www.yuque.com/burpheart/phpaudit/php-chang-jian-kuang-jia_page-2)\n  * [Laravel](https://www.yuque.com/burpheart/phpaudit/php-chang-jian-kuang-jia_laravel)\n  * [Codeigniter](https://www.yuque.com/burpheart/phpaudit/php-chang-jian-kuang-jia_codeigniter)\n  * [Yii](https://www.yuque.com/burpheart/phpaudit/php-chang-jian-kuang-jia_yii)\n  * [Cakephp](https://www.yuque.com/burpheart/phpaudit/php-chang-jian-kuang-jia_cakephp)\n* PHP auditing case studies\n  * [TODO]\n* Exploiting PHP language features\n  * [TODO]\n* PHP auditing extras\n  * [Extracting commercial PHP source code](https://www.yuque.com/burpheart/phpaudit/kau3lk)\n  * [A brief look at PHP source code protection schemes & decrypting and restoring protected PHP code](https://www.yuque.com/burpheart/phpaudit/mzbi3y)\n\n* Appendix\n  * [changelog](https://www.yuque.com/burpheart/phpaudit/tbdum5)\n  * [PHP weak typing](https://www.yuque.com/burpheart/phpaudit/fu-lu_php-ruo-lei-xing)\n  * [Further reading](https://www.yuque.com/burpheart/phpaudit/xg1xrk)\n  * [🎉 Summary](https://www.yuque.com/burpheart/phpaudit/zong-jie)\n  * [🔗 References](https://www.yuque.com/burpheart/phpaudit/can-kao)\n\n\n# changelog\n## 2021-12-12\n1. Dropped GitBook in favor of Yuque\n2. Expanded the \"Other vulnerabilities\" page; minor fixes to page formatting\n\n## 2021-12-20\n1. Added more functions to \"File operations\"\n2. Added the \"Further reading\" page\n3. Added PHP source code decryption\n\n## 2021-12-28\nCompleted the PHP source code decryption page\n\n## 2022-03-10\nExpanded \"Other vulnerabilities\"\n"
  }
]