News Feed

News Archive
Looking for more information on how to do PHP the right way? Check out PHP: The Right Way

The Hacker Webzine:
Two PHP Reconnaissance Vectors
August 08, 2007 @ 09:35:00

On the Hacker Webzine there's a new post pointing out two PHP reconnaissance vectors that can be used to find out more about the remote PHP servers.

I've talked about this if you followed my blog last week. These two vectors can be used to trigger error messages or to obtain more intelligence about the server within PHP. These are not very well known and therefore I wanted to share it here.

One of the vectors has to do with how the developer handles the $_SERVER variables (not sanitized correctly because the developer thinks they can't be changed) and the other deals with changing the PHPSESSID (session ID) to exploit if it is echoed back into the page.

0 comments voice your opinion now!
reconnaissance vectors phpsessid server variable reconnaissance vectors phpsessid server variable

blog comments powered by Disqus

Similar Posts PHP 5.4 Will Have a Built-in Web Server

Gonzalo Ayuso: How to run a Web Server from a PHP application

HowTo Forge: PHP Programming Basics

Felix Geisendorfer's Blog: A PHP developers guide to JavaScript - Part 1

Kevin Schroder: What SSL $_SERVER variables are available in PHP

Community Events

Don't see your event here?
Let us know!

laravel introduction code series unittest threedevsandamaybe application interview wordpress release language install developer configure list library symfony community podcast api

All content copyright, 2014 :: - Powered by the Solar PHP Framework