Archive

Archive for the 'Code Audit' category

[zz]Finding vulnerabilities in PHP scripts FULL ( with examples )

March 22, 2010     26,976 views 1 comment

From: http://www.milw0rm.com/papers/381

Name : Finding vulnerabilities in PHP scripts FULL ( with examples )
Author : SirGod
Email : sirgod08@gmail.com
Contents :

1) About
2) Some stuff
3) Remote File Inclusion
3.0 – Basic example
3.1 – Simple example
3.2 – How to fix
4) Local File Inclusion
4.0 – Basic example
4.1 – Simple example
4.2 – How to fix
5) Local File Disclosure/Download
5.0 – Basic example
5.1 – Simple example

5.2 – How to fix
Read more…

Category: Code Audit

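A free foreign source code auditing tool, including a Linux version

March 5, 2010     2,434 views No comments

A free foreign source code auditing tool, including a Linux version: RATS. I just installed it.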

RATS

Welcome to RATS – Rough Auditing Tool for Security

RATS – Rough Auditing Tool for Security – is an open source tool developed and maintained by Secure Software security engineers. Secure Software was acquired by Fortify Software, Inc. RATS is a tool for scanning C, C++, Perl, PHP and Python source code and flagging common security related programming errors such as buffer overflows and TOCTOU (Time Of Check, Time Of Use) race conditions.

Read more…

Category: Code Audit

[zz]PHP filesystem attack vectors

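March 5, 2010     1,912 views No comments

Source: http://www.milw0rm.com/papers/283

PS: I had also independently come up with some of these ideas; although I never posted them online, I did not plagiarize this author.

A good article. Bookmarking it.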

PHP filesystem attack vectors

Name PHP filesystem attack vectors
Systems Affected PHP and PHP+Suhosin
Vendor http://www.php.net/
Advisory http://www.ush.it/team/ush/hack-phpfs/phpfs_mad.txt
Authors Francesco “ascii” Ongaro (ascii AT ush DOT it)
Giovanni “evilaliv3” Pellerano (giovanni.pellerano AT evilaliv3 DOT org)
Date 20090207

I) Introduction
II) The bugs in 50 words
III) PHP filesystem functions path normalization attack
IV) PHP filesystem functions path normalization attack details
V) PHP filesystem functions path truncation attack
VI) PHP filesystem functions path truncation attack details
VII) The facts
VIII) POC and attack code
IX) Conclusions
X) References

Read more…

Category: Code Audit

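Supplement on exploiting database-related Local File Disclosure

March 3, 2010     1,518 views No comments

Exploiting database-related Local File Disclosure

This is not about the load_file() function; load_file() requires file_priv to read files.

This is about the case where the argument to readfile() and similar functions comes from the result of a database query.

In that case, if we can control that result, we can read files without the file_priv privilege. If there is a restriction on the file suffix, it can also be truncated with 0x00; because the NULL character is produced during the MySQL query, magic_quotes_gpc=on has no effect either.

See the example below.
Read more…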

[zz]ReadFile() Local File Disclosure

March 3, 2010     2,355 views No comments

From: http://www.milw0rm.org/papers/367

ReadFile() Local File Disclosure

Author : 599eme Man
Contact : flouf@live.fr

[--------------------------------------------]

/-Summary

/-------1] -Introduction
/-------2] -Explanation
/-------3] -Demonstration
/-------4] -How Secure It?

[--------------------------------------------]

1] Introduction

The Local File Disclosure is a vulnerability that gives the possibility to read the source
code of a file: if the file contains PHP (or another web language) in the source, you will see the PHP
code and you could search for other vulnerabilities in the PHP code. You could also read config files or
other files. This vulnerability is very dangerous because you can read a file's source and get secret
or important information like FTP and MySQL logins, etc.

Read more…

[zz]PHP filesystem attack vectors – Take Two

March 2, 2010     2,759 views No comments

From: http://www.milw0rm.com/papers/359
PHP filesystem attack vectors – Take Two

Name PHP filesystem attack vectors – Take Two
Systems Affected PHP and PHP+Suhosin
Vendor http://www.php.net/
Advisory http://www.ush.it/team/ush/hack-phpfs/phpfs_mad_2.txt
Authors Giovanni “evilaliv3” Pellerano (evilaliv3 AT ush DOT it)
Antonio “s4tan” Parata (s4tan AT ush DOT it)
Francesco “ascii” Ongaro (ascii AT ush DOT it)
Alessandro “jekil” Tanasi (alessandro AT tanasi DOT it)
Date 20090725

I) Introduction
II) PHP arbitrary Local File Inclusion testing
III) PHP arbitrary Local File Inclusion results
IV) PHP arbitrary File Open testing
V) PHP arbitrary File Open results
VI) PHP arbitrary Remote File Upload testing
VII) PHP arbitrary Remote File Upload results
VIII) Conclusions
IX) References

Read more…

Category: Code Audit