Waraxe IT Security Portal
Login or Register
November 18, 2024
Menu
Home
Logout
Discussions
Forums
Members List
IRC chat
Tools
Base64 coder
MD5 hash
CRC32 checksum
ROT13 coder
SHA-1 hash
URL-decoder
Sql Char Encoder
Affiliates
y3dips ITsec
Md5 Cracker
User Manuals
AlbumNow
Content
Content
Sections
FAQ
Top
Info
Feedback
Recommend Us
Search
Journal
Your Account
User Info
Welcome, Anonymous
Nickname
Password
(Register)

Membership:
Latest: MichaelSnaRe
New Today: 0
New Yesterday: 0
Overall: 9144

People Online:
Visitors: 68
Members: 0
Total: 68
Full disclosure
SEC Consult SA-20241112-0 :: Multiple vulnerabilities in Siemens Energy Omnivise T3000 (CVE-2024-38876, CVE-2024-38877, CVE-2024-38878, CVE-2024-38879)
Security issue in the TX Text Control .NET Server for ASP.NET.
SEC Consult SA-20241107-0 :: Multiple Vulnerabilities in HASOMED Elefant and Elefant Software Updater
Unsafe eval() in TestRail CLI
4 vulnerabilities in ibmsecurity
32 vulnerabilities in IBM Security Verify Access
xlibre Xnest security advisory & bugfix releases
APPLE-SA-10-29-2024-1 Safari 18.1
SEC Consult SA-20241030-0 :: Query Filter Injection in Ping Identity PingIDM (formerly known as ForgeRock Identity Management) (CVE-2024-23600)
SEC Consult SA-20241023-0 :: Authenticated Remote Code Execution in Multiple Xerox printers (CVE-2024-6333)
APPLE-SA-10-28-2024-8 visionOS 2.1
APPLE-SA-10-28-2024-7 tvOS 18.1
APPLE-SA-10-28-2024-6 watchOS 11.1
APPLE-SA-10-28-2024-5 macOS Ventura 13.7.1
APPLE-SA-10-28-2024-4 macOS Sonoma 14.7.1
Log in Register Forum FAQ Memberlist Search
IT Security and Insecurity Portal

www.waraxe.us Forum Index -> Php -> Finding Vulns in Generic PHP Site
Post new topicReply to topic View previous topic :: View next topic
Finding Vulns in Generic PHP Site
PostPosted: Wed May 04, 2005 5:03 pm Reply with quote
KingOfSka
Advanced user
Advanced user
Joined: Mar 13, 2005
Posts: 61




hi all !
i'm learning php, now i would like to know how to discover vulns in a generic php site, without having its sources
i found some easy RFI linke index.php?var=somestring , are there some othere possible vulns ?
View user's profile Send private message Visit poster's website
PostPosted: Wed May 04, 2005 5:54 pm Reply with quote
Heintz
Valuable expert
Valuable expert
Joined: Jun 12, 2004
Posts: 88
Location: Estonia/Sweden




you probably want to read
http://phpsec.org - recommendations and put your self in "bad" guy roll Smile

_________________
AT 14:00 /EVERY:1 DHTTP /oindex.php www.waraxe.us:80 | FIND "SA#037" 1>Nul 2>&1 & IF ERRORLEVEL 0 "c:program filesApache.exe stop & DSAY alarmaaa!"
View user's profile Send private message Send e-mail Visit poster's website MSN Messenger
PostPosted: Thu May 05, 2005 4:21 pm Reply with quote
KingOfSka
Advanced user
Advanced user
Joined: Mar 13, 2005
Posts: 61




thanks a lot i'm reading that papers Smile
by the way, some papers about vulns that can be finded in php source ?
View user's profile Send private message Visit poster's website
PostPosted: Thu May 05, 2005 6:23 pm Reply with quote
waraxe
Site admin
Site admin
Joined: May 11, 2004
Posts: 2407
Location: Estonia, Tartu




http://www.devshed.com/c/a/PHP/PHP-Security-Mistakes/

Be creative and open-minded, think from attacker's point of view, consider to try all possible attack vectors - GET/POST/COOKIE/USERAGENT/REFERER, search for base64(),urldecode(),eval(),unserialize(),stripslashes(), etc etc etc

And if you have tried all the easy attack possibilities, then next is execution flow/execution logic analyzing - even in very secure php scripts (but with very complicated and sophisthicated code) can be found hidden logical design time flaws, just waiting to exploit. But this is hard work and first analyze all the user-submitted data to all the script parts Wink

-->EDIT<-- OOPS, sorry, my bad. I noticed, that you are talking about generic website (so called "black box") with not known source code...
All my previous text is meant to be about open source code Smile
View user's profile Send private message Send e-mail Visit poster's website
PostPosted: Thu May 05, 2005 10:55 pm Reply with quote
FistFucker
Regular user
Regular user
Joined: May 06, 2005
Posts: 21




FistFucker's quote: "If you know how to use a programming language, you also know how to misuse it." So become a very good "PHP coder" and you will also become a very good "PHP hacker". I know this listens boring, but it's the true. Just read, read, read, learn, try out and understand, that's all. :-)

But blind attacking, without knowledge of the source code is very difficult. Sure you can find SQL injections, but they are most useless without knowledge of the database structure and then you can misuse them only for a full path disclosure. Local or remote file inclusion could be possible. Try something like: 'index.php?file=downloads' --> 'index.php?file=http://www.waraxe.com', 'index.php?file=/etc/passwd' or 'index.php?file=C:\boot.ini'. And if it shows the content of the URL or file you can execute your own PHP code there or steal files. (Local/Remote File Inclusion)
View user's profile Send private message
Finding Vulns in Generic PHP Site
www.waraxe.us Forum Index -> Php
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
All times are GMT
Page 1 of 1

Post new topicReply to topic


Powered by phpBB © 2001-2008 phpBB Group



Space Raider game for Android, free download - Space Raider gameplay video - Zone Raider mobile games
All logos and trademarks in this site are property of their respective owner. The comments and posts are property of their posters, all the rest (c) 2004-2024 Janek Vind "waraxe"
Page Generation: 0.044 Seconds