Gareth Heyes' Blog: Faking the unexpected
by Chris Cornutt December 04, 2007 @ 08:36:04
Gareth Heyes has an example of yet another way he's seen developers incorrectly handle incoming connections and the information inside. This time, he focuses on the remote IP coming from the client.
Developers place too much trust in everything, they assume that certain data cannot be faked and therefore these pieces of data can be used as a Trojan horse. Let's take the REMOTE IP of a user, it seems a trusted source because of the TCP/IP connection between the user and the server.
He points out the difference between HTTP_X_FORWARDED_FOR and REMOTE_ADDR and how, despite being the same almost all of the time, they shouldn't be trusted since they could be spoofed. He even includes an example script showing how it could be done (and how a bit of JavaScript can even be inserted).
Builder.com.au: PHP exploit code plants itself in GIF
by Chris Cornutt June 22, 2007 @ 12:41:00
Builder.com.au has a new article today about the recent image issue - the PHP code embedded inside the GIF - that's come up on several sites.
The exploit code slipped through the site's defenses with the aid of a legitimate image at the beginning of the file, according to a blog post on the SANS Institute's Internet Storm Center. [...] Malicious attackers planted PHP coded exploit script within an image file. PHP is often used as a programming language to create dynamic Web sites.
The article reports that, while this exploit hasn't happened much, the occurrences of its use are growing, with victims in a wide range of classifications, from small personal sites out to a certain major image hosting site. This same issue was discussed here on the PHPClasses.org website as well.
PHPClasses.org: PHP security exploit with GIF images
by Chris Cornutt June 20, 2007 @ 12:57:00
On the PHPClasses site today, there's a new post that points out an issue that could happen with dynamic GIF creation in a PHP script, leading to a security exploit.
Manuel Lemos writes:
The problem that was discovered is that you can insert PHP code in the middle of a GIF image. That would not be a problem if it was not for the insecure ways some developers use to serve images uploaded by their users. Usually, uploaded files are moved to a given directory. If the site then serves the images directly from that directory and preserves the original file name, the site may be open for security exploits.
The problem comes when a user decides to upload an "image" file that's actually a PHP script (ending in PHP even) to the remote system. When this is output, it's placed inside the image tag and executed with each page load. Manuel offers a suggestion to prevent the issue: protecting the images directory and using readfile to grab the contents of the file to output rather than just a straight echo.
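One way to apply that suggestion, as an added example that is not code from Manuel Lemos's post or from PHPClasses.org: uploads are stored outside the document root under a server-generated name, and a script streams them back with readfile. The directory path, the function names and the accepted-type list are assumptions made for illustration.

```php
<?php
// Assumed storage location: outside the web server's document root,
// so nothing in it can be requested (or executed) directly by URL.
const UPLOAD_DIR = '/var/app-data/uploads';
// Accepted content types mapped to the extension the server assigns.
const ALLOWED = ['image/gif' => 'gif', 'image/png' => 'png', 'image/jpeg' => 'jpg'];

function storeUpload(array $file): string
{
    if ($file['error'] !== UPLOAD_ERR_OK || !is_uploaded_file($file['tmp_name'])) {
        throw new RuntimeException('upload failed');
    }
    // Decide the type from the file content, never from the client's name or MIME type.
    // A GIF with PHP embedded in it still passes this check, which is why the
    // naming and serving steps below matter.
    $mime = (new finfo(FILEINFO_MIME_TYPE))->file($file['tmp_name']);
    if (!isset(ALLOWED[$mime])) {
        throw new RuntimeException('not an accepted image type');
    }
    // Server-chosen name and extension: the original file name is discarded.
    $id = bin2hex(random_bytes(16)) . '.' . ALLOWED[$mime];
    if (!move_uploaded_file($file['tmp_name'], UPLOAD_DIR . '/' . $id)) {
        throw new RuntimeException('could not store file');
    }
    return $id;
}

function serveImage(string $id): void
{
    // Accept only names storeUpload() can produce; rejects traversal and .php names.
    if (!preg_match('/\A[0-9a-f]{32}\.(gif|png|jpg)\z/', $id, $m)) {
        http_response_code(404);
        return;
    }
    $path = UPLOAD_DIR . '/' . $id;
    if (!is_file($path)) {
        http_response_code(404);
        return;
    }
    header('Content-Type: ' . array_flip(ALLOWED)[$m[1]]);
    header('X-Content-Type-Options: nosniff');
    header('Content-Length: ' . filesize($path));
    readfile($path); // copies bytes to the response; embedded PHP is never parsed
}
```

Using include or require on the stored file instead of readfile would run any PHP embedded in it, so the serving script must only ever stream the bytes.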
Stefan Esser's Blog: Watching the PHP CVS
by Chris Cornutt May 10, 2007 @ 15:57:00
In this new post to the PHP Security blog today, Stefan Esser gives a good recommendation to developers out there looking to provide the most recent protection for their applications - look to the CVS.
One of the worst things in PHP security is the fact that vulnerabilities in PHP are usually patched in the CVS and then wait for months until they are disclosed to the public. Time enough for everyone to grab the fixes from CVS and develop exploits for the vulnerabilities. Therefore PHP vulnerabilities are usually already known to the bad guys for weeks or months when a new PHP version comes out and the public is notified about the vulnerability.
He also notes that issues are sometimes not represented in the materials that go out with each release. One he mentions specifically involves this bug.