Archive

Posts tagged 'filesystem'

[zz]PHP filesystem attack vectors

March 5, 2010, admin

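Source: http://www.milw0rm.com/papers/283

P.S. I had also come up with some of these things independently; although I never posted them online, I did not plagiarize this author.

A good article. Saving it here.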

PHP filesystem attack vectors

Name              PHP filesystem attack vectors
Systems Affected  PHP and PHP+Suhosin
Vendor            http://www.php.net/
Advisory          http://www.ush.it/team/ush/hack-phpfs/phpfs_mad.txt
Authors           Francesco "ascii" Ongaro (ascii AT ush DOT it)
                  Giovanni "evilaliv3" Pellerano (giovanni.pellerano AT evilaliv3 DOT org)
Date              20090207

I) Introduction
II) The bugs in 50 words
III) PHP filesystem functions path normalization attack
IV) PHP filesystem functions path normalization attack details
V) PHP filesystem functions path truncation attack
VI) PHP filesystem functions path truncation attack details
VII) The facts
VIII) POC and attack code
IX) Conclusions
X) References


Category: Code audit

[zz]PHP filesystem attack vectors – Take Two

March 2, 2010, admin

From: http://www.milw0rm.com/papers/359
PHP filesystem attack vectors – Take Two

Name              PHP filesystem attack vectors – Take Two
Systems Affected  PHP and PHP+Suhosin
Vendor            http://www.php.net/
Advisory          http://www.ush.it/team/ush/hack-phpfs/phpfs_mad_2.txt
Authors           Giovanni "evilaliv3" Pellerano (evilaliv3 AT ush DOT it)
                  Antonio "s4tan" Parata (s4tan AT ush DOT it)
                  Francesco "ascii" Ongaro (ascii AT ush DOT it)
                  Alessandro "jekil" Tanasi (alessandro AT tanasi DOT it)
Date              20090725

I) Introduction
II) PHP arbitrary Local File Inclusion testing
III) PHP arbitrary Local File Inclusion results
IV) PHP arbitrary File Open testing
V) PHP arbitrary File Open results
VI) PHP arbitrary Remote File Upload testing
VII) PHP arbitrary Remote File Upload results
VIII) Conclusions
IX) References


Category: Code audit