Looking for more information on how to do PHP the right way? Check out PHP: The Right Way

Robert Basic's Blog:
Benchmarking pages behind a login with ab
Nov 14, 2011 @ 10:12:05

Robert Basic has a recent post showing you how to use the "cookie jar" functionality included with Apache's "ab" benchmarking tool to get behind your PHP-based login with a simple curl and grep combo.

Tonight I decided to relax a bit and what better way of relaxing is there for a geek then to do some bash scripting?! So for fun and no profit I decided to try and benchmark pages with ab, Apache HTTP server benchmarking tool, which are behind a login. Turns out, it’s pretty easy after reading some man pages.

He includes an example of the format of the "cookie jar" and the shell script he used to grab the PHP session ID from it and inject it into the "ab" call. The script is on github.

tagged: benchmark ab apache login phpsessid session tutorial curl grep

Link:

The Hacker Webzine:
Two PHP Reconnaissance Vectors
Aug 08, 2007 @ 09:35:00

On the Hacker Webzine there's a new post pointing out two PHP reconnaissance vectors that can be used to find out more about the remote PHP servers.

I've talked about this if you followed my blog last week. These two vectors can be used to trigger error messages or to obtain more intelligence about the server within PHP. These are not very well known and therefore I wanted to share it here.

One of the vectors has to do with how the developer handles the $_SERVER variables (not sanitized correctly because the developer thinks they can't be changed) and the other deals with changing the PHPSESSID (session ID) to exploit if it is echoed back into the page.

tagged: reconnaissance vectors phpsessid server variable reconnaissance vectors phpsessid server variable

Link:

The Hacker Webzine:
Two PHP Reconnaissance Vectors
Aug 08, 2007 @ 09:35:00

On the Hacker Webzine there's a new post pointing out two PHP reconnaissance vectors that can be used to find out more about the remote PHP servers.

I've talked about this if you followed my blog last week. These two vectors can be used to trigger error messages or to obtain more intelligence about the server within PHP. These are not very well known and therefore I wanted to share it here.

One of the vectors has to do with how the developer handles the $_SERVER variables (not sanitized correctly because the developer thinks they can't be changed) and the other deals with changing the PHPSESSID (session ID) to exploit if it is echoed back into the page.

tagged: reconnaissance vectors phpsessid server variable reconnaissance vectors phpsessid server variable

Link:


Trending Topics: