Attacking Php


Published by: elabir on Jun 03, 2010
Copyright: Attribution Non-commercial







Assault on PHP Applications
PHP Vulnerability Exploitation
Aelphaeis Mangarae
June 13
[Table of Contents]
Web Application Vulnerability Type        Page Number
Paper Introduction                        Page 3
File Inclusion Vulnerabilities            Page 4
File Upload Vulnerabilities               Page 13
Disk File Read/Write Vulnerabilities      Page 33
Command Execution Vulnerabilities         Page 49
SQL Injection Vulnerabilities             Page 54
Insecure Cookie Handling                  Page 104
                                          Page 114
Greetz To                                 Page 115
"Never increase, beyond what is necessary, the number of words required to explain anything"
William of Ockham (1285-1349)

In this paper I will cover a small array of vulnerabilities that occur in PHP applications. The vulnerabilities shown in this paper, and the exploitation of them, are the most common vulnerabilities that you will find exploits for in the public domain.

As some people learn best by example, I use example vulnerable code and show exploitation of vulnerabilities in PHP applications. Real world examples of vulnerabilities in PHP software are also shown to educate the reader.

The server used for demonstration in this paper is a WAMP (Windows, Apache, MySQL, PHP) setup in my small LAN, the specific details of which are listed below.

Keep in mind the examples in this paper are just examples intended to teach you the basics and are not necessarily a reflection of real world exploitation.
Test Server Software:
Operating System: Windows XP x64
Database: MySQL 5.1
Web Server: Apache 2.2.0
PHP Version: 5.1.2